[Free-RTC] kamaillio script for federated communications

Peter Saint-Andre stpeter at stpeter.im
Fri Jun 21 17:56:46 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/21/13 9:41 AM, Olle E. Johansson wrote:
> 
> 21 jun 2013 kl. 15:05 skrev Daniel Pocock <daniel at pocock.com.au 
> <mailto:daniel at pocock.com.au>>:
> 
>>> * The config uses DNS to establish the transport available on
>>> the remote proxy. It doesn't use DNSSEC to do this.
>> 
>> I'm not sure if DNSSEC matters if the TLS certificate is valid -
>> some people may prefer to trust the TLS cert and not place any
>> trust in the DNSSEC trust model
> 
> THat's quite a misguided statement. If DNS points to an incorrect 
> destination that succeeds in providing a certificate that you
> accept - how can that be a good solution?
> 
> DNSsec verification tells you that you have a authorized binding
> between the hostname and the IP.
> 
> TLS will tell you that you have a binding between the URI you're
> looking for and the server.
> 
> That's two different things.
> 
> DANE - TLS verification using DNSsec - is an alternative to the
> current rather insecure way of handling CA certificates. But that's
> another story. I think you're mixing DANE with DNSsec in your
> statement, Daniel.

DANE will be a good alternative, once it is more widely deployed.
Unfortunately I think that won't happen very quickly. :(

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRxHe+AAoJEOoGpJErxa2pKgMP/16AfiPt1rewQ/dkdv9zcfUO
AASP/cKkzBU6RUFRiPVIuRovKpXqxKrs9Gd3EUYVB0XvVjQ2gPdrtaYoeCn7cWji
3KkxbdKC33w83ih9Rr9kZMKZtwOPYpwWziZhzC8LYAhdKAavVzmgu6orfOqAwsAN
UnqdsVNNccFD9yeATAu105cua2cGVd4oHLKhjCoJE+IbDGfgeR/h/PWnR1D6oFHs
A1EgVe4fLFmuW2+3rYhcBt5MT/H6G7Eowy5LYinVeuQ5AocbBl7MhMPMMEJGnnTc
ut6B0Mj5q69lONc7uu5OCYE/3D0rZfvAKrWfgBcOrtqvDuJIe8Zv49sjzSXcmB1v
+M7vhL2jB0GiLfCfqUPWRHqIr47syKiLTxX+C/0+9DJfOdKtRjJHLKVPvMWT77+s
03ve2bbGyFEyTM3HColbUVxjKf4k1fLFeilcojIRq3hiAJS0JwAYAt57zb3S4LEB
DL/PI1HdUeZCWN6lD876tik4c0EUFRfzhm2HfP70PaDb8GnL4c/FpMHY7b6o9go7
kcggIkIDtTrH+/03nZ2zYU94vKOtbMsXBX6XQGpw3x1ZJvTrjYjRt5FVIAF8VyDj
Dc35wi2tC47/9GrTv0M+xeHjuw6OuYFdEIsKK+1CuTg5LscpK6MrJVEcXP617s8x
TMLMgunz3DWiproDt/ft
=nKQM
-----END PGP SIGNATURE-----


More information about the Free-RTC mailing list