[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] hardware with secure key for linphone
|
From: |
Louis Holbrook |
|
Subject: |
Re: [Linphone-users] hardware with secure key for linphone |
|
Date: |
Mon, 4 May 2020 19:59:00 +0200 |
David,
wouldn't the device still be creating the key material though? And
potentially however are in control of that hardware would be able to
compromise that key material and access backdoor? Whether the server is
here or there won't change that?
I'm thinking of end-to-end encryption here, of course.
On Mon, May 04, 2020 at 06:32:26PM +0200, David Kuehling wrote:
> >>>>> "Louis" == Louis Holbrook <address@hidden> writes:
>
> > I was looking into getting a hardware SIP phone today, but couldn't
> > find any alternatives which tell me that key is not potentially
> > compromised with a back door somehow.
>
> > Putting linphone on an Android kind of suffers the same fate, with
> > google ultimately controlling the bottom layer.
>
> > So I'd like to ask: Are there any certified (open) hardware solutions
> > to put linphone on, where I can have a greater guarantee that key
> > integrity is kept and no (deliberate by design) backdoors are
> > implemented?
>
> Not a direct answer to your question, but still:
>
> If the hardware phone is located in a network you control, you could
> force it to communicate outwards via a trusted (open source) SIP media
> server and otherwise firewall it off and/or put it onto a VLAN etc. so
> that it has no way to leak any information to the world outside your
> network. In theory any audio/video would then be (re-)encrypted on your
> SIP server (e.g. asterisk/pjsip with direct_media disabled) so that's
> the only place that you need to trust with that solution.
>
> David
>