[VOIPSEC] VoIP and Fraud
Christopher A. Martin
chris at sip1.com
Wed Feb 16 21:52:52 CST 2005
Here is a good site to look into...regarding trusted certificate
authorities...
http://www.cacert.org/
________________________________
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Domains.SIP1.com
http://domains.sip1.com
Low cost domain name registration & other Internet services.
Sign up for your PayPal merchant account today and start selling your
products on line today!
https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Geoff Devine
Sent: Tuesday, February 15, 2005 10:37 PM
To: Brian Rosen; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VoIP and Fraud
Brian Rosen wrote:
> We will protect the signaling with TLS, but we will accept a self signed
cert.
Great stuff. Since this is a fraud thread, isn't there a fraud issue with a
self-signed certificate? You're essentially allowing people to self-declare
that they're really themselves. In this case, not only can you not trust
the endpoint, but you're also not even really authenticating them. That's
reasonable in a 911 application where you don't want to have someone die
because they can't produce the digital equivalent of a valid photo ID but
you certainly are vulnerable.
Geoff
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list