[VOIPSEC] Why a secure key exchange for media encryption?
Michael Prochaska
tm021090 at fh-stpoelten.ac.at
Mon May 1 22:39:25 CDT 2006
>>sorry, but i don't understand your doubt.
>>
>>of course, if i call foo at bar.com i don't know where foo at bar.com is. but
>>as you say, there must be a registrar at bar.com which knows where
>>foo at bar.com is.
>>
>>to get the public key of foo at bar.com there has to be a service at
>>bar.com which provides you with the key.
>>
>>are there any problems i don't see?
>
>
> Yes - who validated bar.com? Someone could be spoofing/intercepting bar.com.
> bar.com would have to be validated by some_registrar.com, and that would
> need to be a "well-known" root cert that the client already knows. Or so
> I'd guess.
>
ok, sorry, i have used key synonymously with certificate.
bar.com is a PKI cloud with a root-CA. any other providers / companies
have their own root-CA. if two communication partners of various clouds
want to communicate securely, the two clouds have to be cross certified
through a bridge CA.
i hope my thoughts are clearer now.
regards,
michael
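
The cross-certification described above, as an added example that is not part of the original message: a trust-path builder over constructed (issuer, subject) certificate records. All CA and user names are hypothetical, and signature verification is omitted; only the chain of issuers is modelled.

```python
from collections import deque

# Constructed sample certificates as (issuer, subject) pairs; every name here
# is hypothetical. Only the issuer chain is modelled, not signatures.
CERTS = [
    ("root-ca.alice-cloud.example", "alice@alice-cloud.example"),
    ("root-ca.bar.com", "foo@bar.com"),
    # Cross-certificates exchanged with the bridge CA, in both directions.
    ("root-ca.alice-cloud.example", "bridge-ca.example"),
    ("bridge-ca.example", "root-ca.alice-cloud.example"),
    ("root-ca.bar.com", "bridge-ca.example"),
    ("bridge-ca.example", "root-ca.bar.com"),
]


def chain_for(certs, trust_anchor, presented, max_cas=4):
    """Return the shortest chain trust_anchor -> ... -> issuer -> subject for
    the presented (issuer, subject) certificate, or None if the caller's own
    root cannot reach the issuer through known CA and cross certificates."""
    issuer, subject = presented
    issued = {}
    for iss, subj in certs:
        issued.setdefault(iss, []).append(subj)
    queue = deque([[trust_anchor]])
    seen = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == issuer:
            return path + [subject]
        if len(path) >= max_cas:      # bound the number of CAs in a chain
            continue
        for nxt in issued.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    anchor = "root-ca.alice-cloud.example"
    # Certificate issued inside the bar.com cloud: reachable via the bridge CA.
    print(chain_for(CERTS, anchor, ("root-ca.bar.com", "foo@bar.com")))
    # Same subject name, but issued by a root nobody cross-certified: rejected.
    print(chain_for(CERTS, anchor, ("root-ca.spoofed.example", "foo@bar.com")))
```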