botyhc wrote on 02. Feb 2011 at 00:59:
In phonerlite TLS please add entry to specify a trusted root certificate in addition to using Windows CA (some users are not able to change Windows CA).
Heiko, I also would appreciate this functionality, but in a little different way. Couldn't you add a folder named certs in the PhonerLite folder and put your CAcert (and we other) trusted root certificates there? Then PhonerLite could automatically look into this folder by default to load the trusted certs if TLS is enabled. You don't need to add a new button to the program. The "Load Windows CA" checkbox is enough beside this folder solution.
Four reasons to do something like this:
1. Own client/server certificates and private keys could be placed there too, to have them all in one place (I know this can already be done).
2. It's a transparent and common method to put all certs together in one place.
3. See the three advantages botyhc mentioned in posts #45 and #49.
4. Not everyone wants to trust CAcert certificates. Removing the CAcert root cert from that certs folder will make this authority untrusted. This is not possible at the moment.
Phoner Admin wrote on 02. Feb 2011 at 09:27:
Or do you really make pure peer-to-peer calls?
You are right, own server, client and root certificates are really needed only for PTP connections. But for PTP connections they are essential if you want to create really safe calls.
Phoner Admin wrote on 02. Feb 2011 at 09:27:
If so, who should wiretap such connection?
A man in the middle. Think of secret services, economic espionage, ... For them it shouldn't be sooo difficult to place themselves in the middle of the line.
I know Phoner is your hobby, as mine is the Secure-SIP-Server project. So just think about my idea with the certs folder, maybe you can see its advantage.
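
Added example (not part of the post above and not PhonerLite code): a Python sketch of the certs-folder idea, where the trust anchors for TLS come only from the files in a folder and the system CA store is an opt-in. The function name, the folder layout and the .pem/.crt naming are assumptions made for the illustration.

```python
import ssl
import tempfile
from pathlib import Path

CERT_SUFFIXES = {".pem", ".crt"}  # assumed naming convention for the certs folder


def build_tls_context(certs_dir, load_system_ca=False):
    """Return (context, loaded, skipped) for a TLS client.

    Trust anchors are taken from PEM files in certs_dir. The system store
    (the Windows CA store on Windows) is added only if load_system_ca is set,
    mirroring the "Load Windows CA" checkbox.
    """
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    loaded, skipped = [], []
    for path in sorted(Path(certs_dir).iterdir()):
        if path.suffix.lower() not in CERT_SUFFIXES:
            continue
        try:
            ctx.load_verify_locations(cafile=str(path))
            loaded.append(path.name)
        except OSError:
            # ssl.SSLError is an OSError: the file holds no certificate,
            # e.g. a private key kept in the same folder. Never a trust anchor.
            skipped.append(path.name)
    if load_system_ca:
        ctx.load_default_certs()
    return ctx, loaded, skipped


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        # Constructed sample content: a key-like file without any certificate.
        Path(folder, "client-key.pem").write_text("constructed: not a certificate\n")
        ctx, loaded, skipped = build_tls_context(folder)
        print("loaded:", loaded, "skipped:", skipped)
        # With no root certificate in the folder, no authority is trusted and
        # every handshake made with this context fails verification.
        print("trusted CAs:", ctx.cert_store_stats()["x509_ca"])
```

Deleting a root certificate file from the folder and rebuilding the context is all it takes to stop trusting that authority, as long as the system store stays switched off.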