[VOIPSEC] VoIP and Fraud
Geoff Devine
gdevine at cedarpointcom.com
Tue Feb 15 22:36:40 CST 2005
Brian Rosen wrote:
> We will protect the signaling with TLS, but we will accept a self-signed cert.
Great stuff. Since this is a fraud thread, isn't there a fraud issue with a self-signed certificate? You're essentially allowing people to self-declare that they're really themselves. In this case, not only can you not trust the endpoint, but you're also not even really authenticating them. That's reasonable in a 911 application where you don't want to have someone die because they can't produce the digital equivalent of a valid photo ID, but you certainly are vulnerable.
Geoff