[Free-RTC] QR codes, mobile SIP provisioning, TLS certs

Olle E. Johansson oej at edvina.net
Fri Jul 8 09:12:09 CEST 2016


> On 07 Jul 2016, at 19:37, Daniel Pocock <daniel at pocock.pro> wrote:
> 
> Every vendor of deskphones has their own provisioning system, they are
> all quite different.  Some are quite effective, e.g. the way Polycom
> puts certificates in every phone to avoid the risk of exposing
> credentials during provisioning or subsequent updates.
Polycom’s system was broken because there was no secure way
to validate their root ca. It was only available from a non-TLS site
and wasn’t referred to in any printed documentation, not on promotional
USB sticks or anything…

Good idea, poor implementation. If they made it available on a web
site with HTTPS it would have been much easier to trust the CA.

/O


More information about the Free-RTC mailing list