Personally I'd still say that's not good enough. Depending on what they're dialing in from, some or all of the DTMF might still leak through as inband DTMF in the audio. So you'd want the entire media stream encrypted then.<div>
<br></div><div>Doing DTMF without the rest of the voice is more of a compromise between security and CPU load.<br><div><br></div><div>That still doesn't guarantee it's end-to-end, but then you're never truly going to be able to guarantee that unless they're calling the softswitch directly via VoIP rather than going via a string of SIP providers, so it's probably the best you can hope for (for now).<div>
<br></div><div>-Steve</div></div><div><br></div><div><br></div><br><div class="gmail_quote">On 3 June 2013 02:04, Steve Underwood <span dir="ltr">&lt;<a href="mailto:steveu@coppice.org" target="_blank">steveu@coppice.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 06/03/2013 08:19 AM, James Cloos wrote:<br>
> Goog found this:<br>
><br>
> <a href="http://enterprise.huawei.com/ilink/enenterprise/download/HW_U_149094" target="_blank">http://enterprise.huawei.com/ilink/enenterprise/download/HW_U_149094</a><br>
><br>
> which says:<br>
><br>
> ,----< excerpt from HW_U_149094.pdf §35.3 ><br>
> | Huawei NGN Cipher Version1 (HNC1) is a patented algorithm of Huawei<br>
> | and supports the 122/256-bit key. In encryption, the softswitch<br>
> | (SoftX3000) of Huawei is required to cooperate. Currently, HNC1 is<br>
> | used in the application scenarios in which the UA5000 works with the<br>
> | SoftX3000.<br>
> `----<br>
><br>
> It also says that those two products encrypt the rfc2833 traffic with<br>
> that algorithm, w/o implying that it is part of 2833.<br>
><br>
> As for why it is useful to encrypt the 2833 w/o also encrypting the<br>
> voice, I can only speculate. Perhaps some idiosyncrasy of PRC law?<br>
> Or to provide better integrity?<br>
><br>
> -JimC<br>
</div>There is an excellent reason for encrypting DTMF, when encrypting the<br>
voice is unimportant. If you can compromise a gateway and pick out all<br>
the DTMF, you might have the ability to recover a lot of passwords used<br>
for things like phone banking. On the PSTN this kind of thing only<br>
really works with a focussed hardware attack on the lines to the banking<br>
system, but with VoIP any compromised node could be a problem.<br>
<span class="HOEnZb"><font color="#888888"><br>
Steve<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><br></div>
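An added example, not part of the original thread or of FreeSWITCH: a Python check over an SDP body that reports whether DTMF is negotiated as RFC 2833 telephone-event or left inband, and whether the audio stream carrying it is keyed for SRTP. The sample SDP bodies, the function name `audit_dtmf_exposure` and the report fields are constructed for illustration.

```python
import re

# Constructed SDP bodies for illustration (addresses from the documentation range).
PLAIN = ("v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
         "m=audio 40000 RTP/AVP 0 101\r\na=rtpmap:0 PCMU/8000\r\n"
         "a=rtpmap:101 telephone-event/8000\r\na=fmtp:101 0-16\r\n")
SRTP = PLAIN.replace("RTP/AVP", "RTP/SAVP") + \
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY\r\n"
INBAND = PLAIN.replace(" 0 101", " 0").replace(
    "a=rtpmap:101 telephone-event/8000\r\na=fmtp:101 0-16\r\n", "")

def audit_dtmf_exposure(sdp):
    """Report, per audio m= section, how DTMF travels and whether media is encrypted."""
    sections, dtls = [], False
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            sections.append({"kind": kind, "proto": proto,
                             "keyed": False, "tel_event": False})
        elif line.startswith("a=fingerprint:"):
            dtls = True  # DTLS-SRTP fingerprint may be session- or media-level
        elif sections:
            cur = sections[-1]
            if line.startswith("a=crypto:"):
                cur["keyed"] = True  # SDES key offered for this stream
            elif re.match(r"a=rtpmap:\d+\s+telephone-event/", line, re.I):
                cur["tel_event"] = True
    report = []
    for s in sections:
        if s["kind"] != "audio":
            continue
        encrypted = "SAVP" in s["proto"] and (s["keyed"] or dtls)
        transport = "rfc2833" if s["tel_event"] else "inband"
        if encrypted:
            risk = "protected on this hop only"  # says nothing about upstream legs
        elif s["tel_event"]:
            risk = "digits exposed as telephone-event packets"
        else:
            risk = "digits exposed in the audio"
        report.append({"dtmf": transport, "encrypted": encrypted, "risk": risk})
    return report

if __name__ == "__main__":
    for name, sdp in (("plain", PLAIN), ("srtp", SRTP), ("inband", INBAND)):
        print(name, audit_dtmf_exposure(sdp))
```

A "protected" result covers only the leg this SDP describes; digits can still arrive inband from an earlier leg, which is why the reply above asks for the whole media stream to be encrypted.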