
List:       asterisk-users
Subject:    Re: [asterisk-users] CA Issued Certificates / TLS + SRTP
From:       Rob Townley <rob.townley () gmail ! com>
Date:       2013-06-21 14:46:22
Message-ID: CA+VdTb-H2RMuyU-aiQKkCohd0e0ydwVJLpvXvfLOR58Tjmf1Lw () mail ! gmail ! com

External Feature Requests <https://jira.polycom.com:8443/browse/EXT>
EXT-4669: Please add StartSSL.com StartCOM Certificate Authority
https://jira.polycom.com:8443/browse/EXT-4669


On Wed, Feb 1, 2012 at 6:06 AM, Daniel Pocock <daniel@readytechnology.co.uk> wrote:

>
>
> On 01/02/12 10:58, Stuart Elvish wrote:
> > Thanks for the clarification. I have looked at Polycom's website and
> > saw which phones have the latest firmware (or at least a firmware that
> > supports TLS) available.
> >
> > Didn't get around to the testing with the chained certificate but will
> > try again this evening.
> >
> >
>
> One thing that frustrates people about Polycom is the very limited list
> of root CAs they support - it was probably OK when they first started
> doing SSL, but things have changed a lot now.
>
> The latest phones (e.g. IP321) have more memory than those they replace
> (e.g. IP320) and so they should be able to handle a larger list of
> built-in root CAs (which Polycom can distribute through the firmware update).
> The obvious ones that are missing are the budget CAs:
>
> - CaCert.org (all certs are free)
> - startssl.com  (which has some free certs)
> - GoDaddy
>
> These budget CAs are now supported by the various Linux distributions
> and Android phones, so they are clearly above a certain threshold of
> stability.
>
> Polycom phones should also be able to handle 4096 bit certs with the
> extra memory, but that appears to need remediation in the firmware (I
> tried installing a custom 4096 bit cert and it didn't accept it).
>
> If anyone is registered with Polycom as a reseller, they can quote these
> issue numbers:
>
> EXT-3192 GoDaddy root CA cert
> https://jira.polycom.com:8443/browse/EXT-3192
>
> EXT-3193 CACert root CA cert
> https://jira.polycom.com:8443/browse/EXT-3193
>
> EXT-3238 Support for 4096 bit keys
> https://jira.polycom.com:8443/browse/EXT-3238
>
> As in most commercial enterprises, the more customers who request fixes
> on these issues, the higher it will go on their priority list.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
