stephan.steiner Mon, 05/21/2007 - 04:30
User Badges:
  • Silver, 250 points or more

It's sent as plaintext and as a query string parameter. I'm not aware of any other way - but I'm sure with the move to https, we'll see https support for phones sooner rather than later - I guess the biggest challenge is certificates since you can't just accept a certificate on the phone as you'd do in a webbrowser.


In the meantime, I'd rely on separate VLANs and port authentication on the switch to ensure nobody hook in between the phone and the switch to get the traffic - and if you have untrustworthy individuals having access to the backbone of your network, you have a whole set of different problems that encryption of ip phone services won't cure.

Sascha Monteiro Mon, 05/21/2007 - 17:35
User Badges:
  • Silver, 250 points or more

:-) yes, and I think it should not be too hard on Java powered phones ;-)

with the proper coding, you don't have to accept or store a certificate for HTTPS connections.

Actions

This Discussion