[VOIPSEC] Why a secure keyechange for media encryption?
Randell Jesup
rjesup at wgate.com
Mon May 1 22:25:26 CDT 2006
Michael Prochaska <tm021090 at fh-stpoelten.ac.at> writes:
>Gupta, Sachin schrieb:
>sorry, but i don't understand your doubt.
>
>of course, if i call foo at bar.com i don't know where foo at bar.com is. but
>as you say, there must be a registrar at bar.com which knows where
>foo at bar.com is.
>
>to get the public key of foo at bar.com there has to be a service at
>bar.com which provides you with the key.
>
>are there any problems i don't see?
Yes - who validated bar.com? Someone could be spoofing/intercepting bar.com.
bar.com would have to be validated by some_registrar.com, and that would
need to be a "well-known" root cert that the client already knows. Or so
I'd guessing.
--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
- James Madison, 4th US president (1751-1836)
More information about the Voipsec
mailing list