From 00b350aeb1c5b0cd8a18d8b6877b499896497d72 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Fri, 24 Aug 2012 16:08:29 +0930 Subject: [PATCH] Add a note about why we aren't using SIPS/ZRTP. --- README.WHYNOTSIPS | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 README.WHYNOTSIPS diff --git a/README.WHYNOTSIPS b/README.WHYNOTSIPS new file mode 100644 index 00000000..92f04a59 --- /dev/null +++ b/README.WHYNOTSIPS @@ -0,0 +1,21 @@ +When we were looking at implementing secure calls for OpenBTS it was suggested +that we configure Asterisk to use SIPS/ZRTP. This would have been relatively +easy to setup, however there are a few problems. + +Number one is that when Asterisk checks the certificates it will either +validate the certificate (checking the chain of trust and so on) and then +check that the common name attribute on the certificate matches the hostname +of the peer, or it will do none of these checks. This code is in main/tcptls.c +line 206 (in version 1.8.14.1). + +This is undesirable in a setup where there is limited or no infrastructure as +there is not likely to be a DNS server setup, or even rigid IP assignments +that would allow a static hosts file based setup. This situation would force +the administrator to disable the checks completely which would allow a trivial +man in the middle attack. + +It would be possible to modify Asterisk to have a third way where it validates +the certificate and checks the chain of trust but does not look at the common +name. We decided against this approach as the VOMP channel driver was written +in time to avoid it. +
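Review bot: The opening paragraph promises "a few problems" and the second begins "Number one", but only the certificate and common-name check is ever described, and ZRTP, named in the subject and next to SIPS in the first paragraph, is never addressed. Either list the remaining problems, including what rules out ZRTP, or reword to say there is one problem and that it concerns the SIPS certificate check. The pointer "main/tcptls.c line 206 (in version 1.8.14.1)" will go stale as soon as the file changes; naming the function or configuration option that controls the check alongside the line number would let a reader find it in other versions. Minor: "easy to setup" and "a DNS server setup" use the noun where the verb form "set up" is meant, and the last added line is an empty line at end of file that can be dropped.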