IAX2 Support For New Authentication Method (ED25519)

The Internet comprises both client and server systems and the client systems outnumber the server systems hundreds of thousands to one. The Internet is not just the systems that run it. And yes of course, the Internet is RUN by Linux & FreeBSD but the Internet isn’t solely what it is run by.

“This I don’t understand at all. If the insurance is on the cert encryption algorithm being broken”

You don’t understand Insurance. Insurance companies’ goal is to not pay out in the event of a breech, so they fill their policies full of unnecessary crap designed to make it harder to make a claim and easier for them to find some niggly little thing they can use to deny the claim. If a Shopping Cart site gets breeched and owes $10M to customers then if the cyber insurance company can say “you didn’t spend $100 on some commercial certificate you used a free Let’s Encrypt certificate so we are denying your claim” then they will do that. By the time the claimant lawyers up and forces a payout via lawsuit, they have spent far more than the $100. Keep in mind also in the early days there were no insurers offering overall cyber insurance, in fact, the entire reason cyber insurance is even a thing today is because business insurance companies scissored out cyber liability from their general liability policies because they want to charge more money - so now instead of just buying a general policy, you have to buy a general policy plus the cyber policy, just like they scissored flood and quake insurance out of homeowners insurance.

“anybody who stubbornly persists in using Exchange Server is not exactly making the optimal decision for their organization, are they”

Not exactly since you are not looking at total costs on that decision and you also don’t understand the concept of taking responsibility for a large org IT systems.

Let me spell this out. You have an org with many hundreds to thousands of users. You have an IT department in that org. There is a dude or dudette at the top of that department. If ANY of the major systems - PBX, EMail, backbone switching, etc. - dies then it takes the entire org offline and that dude or dudette’s job hangs in the balance because it’s their responsibility to keep the IT running.

There are NOT that many dudes or dudettes out there running IT groups who have the balls to take full responsibility for all the systems. The problem is far worse when CIOs and IT Directors are drawn from MBA ranks and such who play well in the C-Suite but don’t know squat about the tech, and many of them are. Most orgs who are well run have CEO’s that understand this - and those CEO’s would LOVE to find CIOs and so on who rose up the ranks and know the tech - but such people are rare and often not available no matter how wealthy your org is and how much money they can throw at the position. So orgs often have to settle for run of the mill garden variety MBAs and other non-techs to run IT in big orgs. Since those people don’t know the tech they are afraid to take responsibility for it, so they bring in IT consulting firms who are run by people who DO have the balls to take responsibility.

And those firms make money on percentages as you probably know, since you have had clients. If their cut is 50% and they sell a $100k Exchange server in they get $50k. If they sell in a $10k Linux mailserver they get $5k. So which are they going to do?

The CIO of course, knows he’s being screwed over - but it’s not his money so he cares more about finding a consulting group he can shift blame to if the mailserver dies and possibly keep his job. The CEO probably also understands the dynamic but he doesn’t care either because it’s the stockholders money and he has his golden parachute. And the stockholders don’t know s from shinola about email so even though they might prefer the money go into their pockets instead of the consulting house’s pockets, they can’t do anything about it.

Truth is the average tenure of the average CIO is not that long because of this - sooner or later all orgs are going to suffer a major major breakdown of some system and if the consulting group the CIO brought in to take responsibility for that system isn’t competent enough to put things back together quickly, then the CIO will be out on his ear. This is why if you run IT in a large org you pay so much attention to disaster recovery - if you are smart, that is.

It is only when you either have a head of an IT department that knows the tech or the head of IT has a trusted lieutenant who knows the tech that it is possible to get creative and use off-book solutions like Let’s Encrypt certs on Exchange servers (which it’s possible to do with a little bit of effort) or Linux email servers or Asterisk PBXes. And those people not only have to know the tech they have to have the balls to take responsibility for it.

I’ve written plenty both here and on FreePBX’s community board about shifting an org from Cisco UCM PBX to FreePBX. What mystifies many people I think is my insistence on doing the work to detail how to integrate Cisco Enterprise phones into FreePBX. They wonder “why is he wasting time doing that when he can boot the Cisco devices in the dumpster and replace all of them with cheap Polycoms” One of them even posted a picture once of a bunch of Cisco phones in an actual dumpster in response to one of my posts over there.

What they don’t understand is this responsibility factor. For an IT group in charge of a larger org to boot a UCM PBX out the door and replace it with an Asterisk system means that if in the future conditions change that that Asterisk-friendly IT group disappears and gets replaced by the run-of-the-mill MBA that does not know tech, IT people under him who don’t want to take responsibility, and an outside telephony consulting group that IS willing to take responsibility - for sure that Asterisk system will disappear and be replaced by a UCM again. And, as long as all phones in the org remain Cisco devices - that telephony consulting group will not be able to charge up into God’s ass, pricing to replace all desk phones. They might get the margin for the UCM but they won’t for the phones. And that is a central pitch that can be used to the C-Suite by the Asterisk-friendly IT Group to enable the UCM to be booted out in the first place.

The pitch is simple. “We have to spend $100k to upgrade the UCM because Cisco is no longer supporting it and won’t sell a service contract on it anymore. We will save $100k by shifting to Asterisk and if it doesn’t work we will still have to spend $100k for a new UCM. But if it does work we will save $100k”

If you discard all the Cisco desk phones then the pitch becomes: “We have to spend $100k to upgrade the UCM because Cisco is no longer supporting it and won’t sell a service contract on it anymore. We will save $100k by shifting to Asterisk and spend $20k of that on Polycom desk phones and the labor to replace them. If it doesn’t work we will then have to spend $200k for a new UCM and new desk phones and the labor to replace all the Polys which are now junk. But if it does work we will save $80k”

This is why I keep trying to slap the Cisco phone bigots upside the head on this issue. If your position is that “I’m going to be technically pure and not allow those crappy Cisco phones on my nice new Asterisk system since their SIP dialect is atrocious” then you’re muddying the financial incentive to switch a large Cisco site over to Asterisk to the point that it probably won’t be approved. Unfortunately, none of the Cisco phone bigots over on the FreePBX side have apparently worked large corporate IT - so they are sort of like you - they don’t understand the politics involved and can’t understand why orgs make what appears to be sub-optimal decisions like using Exchange.

And yet you then proceed to say:

“'t dusty at all) and have created a implementation of the IAX2 protocol - including relevant encryption - that runs fine on a $8 (USD) microcontroller”

where is this code? Until I see it, I say it does not exist and I say you are just blowing smoke out your behind and there is no guarantee that any amendment you are proposing is workable.

That’s why you need a reference implementation. So let’s see the code link.

Hi Ted:

Life is short, think positive thoughts!!

I’m pretty interested in any reference you can provide that states that IANA needs a sample implementation in order to approve IAX2 RFC amendments. I’ve not encountered this situation so I want to make sure I am well prepared as I move through this process.

I definitely wouldn’t be wasting the time of all of the nice people on this forum if this whole discussion was a hoax. Most of my work on this project is open source so I’ll provide the links again below. But as mentioned already, I was trying to get input on my amendment to the IAX2 protocol document - not on my implementation. We should be careful not to get into any off-topic discussions about my code (on this thread) so that we don’t bother the rest of the group with stuff that the users of the Asterisk code probably don’t care about. Anyone who does care should feel free to reach out to me directly.

My core IAX2 implementation code is here: GitHub - Ampersand-ASL/amp-core: The core libraries used to create ASL tools/services · GitHub

My code that implements the ED25519 authentication is here: amp-core/src/LineIAX2.cpp at main · Ampersand-ASL/amp-core · GitHub

My project documentation is here: Ampersand Linking Project | Bruce MacKinnon

The current iteration of my board is shown below. The big chip on the bottom left is the STM32 (ARM) microcontroller that runs the IAX2 firmware. The other chips provide Ethernet MAC/PHY connectivity and an audio CODEC for connection to a radio or a handset.

IMG_07671511×1894 482 KB

Have a great day! Bruce

Bruce they don’t have to say it because it’s expected. Remember that you are proposing a change of a public standard - this is fundamentally an adversarial process. You make a proposal and everyone else tries to pick it apart. If it survives picking apart then it’s considered good.

I’m a veteran of this process since I was responsible for the following:

Number Resource Policy Manual - American Registry for Internet Numbers

annual POC verification. If you research the history of the NRPM on the mailing list you will find my name all over that. Getting that into the NRPM caused a LOT of people to hate me. I pushed it because I knew people were registering number blocks then trying to hide who they were. They were doing this in the expectation that one day in the future they could sell them. The chair of ARIN knew the same was happening, but he allowed me to be the barking dog and get all the lightning strikes and then after the fur finished flying he came out in support of it and the membership voted it in, and overrode the haters who were furious they had been found out.

This isn’t a sit around the campfire and sing Kumbayah process. If you get this into the IAX2 standard then there are going to be some people who end up hating it. Get used to it. This is why I have cautioned against making it mandatory. Since your advocating for it to be optional then you probably won’t get raked over the coals right now. But the devil is in the details. Optional needs to mean that a node cannot mandate you use encryption and still be following the standard.

It’s no different than how Science works with scientific theories - people propose theories and everyone else tries to prove them wrong, because it strengthens the theory if it survives.

It’s also how the Asterisk development works - people propose patches to Asterisk and put them into github then the maintainers pick them apart. If they survive the picking apart process, then they are good and are incorporated.

It’s also how evolution and natural selection works. It’s also how law and the courts work.

I could go on and on but boiled down, without proof that it works, nobody is going to take anything you say seriously. So why you are even arguing that point I don’t know since it is obvious.

Publicly usable code is proof an idea works. Now that you have posted it, then others can test it and decide if the idea is good. Whether the reference implementation works efficiently and is coded well does not have a huge amount to do with the standard. In fact, it’s not uncommon for reference implementations of protocols to disappear over time. For a good example the RADIUS protocol was developed with a reference implementation, but its maintainer abandoned it ages ago, and there are now many RADIUS server implementations. IMAP4 is another example. uw-imap was the reference for IMAP4 but nowadays everyone uses dovecot. Nobody cares if your code is good they care if the protocol it implements WORKS. The fact you put it out publicly is a necessary step to get the standard change approved.

For people and orgs who don’t understand this, they don’t get their stuff standardized, period. For example Microsoft 15 years ago tried to standardize the SMB version 1 protocol as CIFS. They wrote a CIFS standard document and everything. But they never open sourced the code for SMB, and the chief developer of the Samba suite Andrew Tridgell savaged Microsoft over it and CIFS was never approved as a standard it remains a so-called “draft standard” which is meaningless. As Triggell pointed out Microsoft was abusing the standards body because they were doing undocumented stuff in SMB and there was no guarantee that if a Linux implementation of CIFS followed the draft CIFS standard that it would work with Windows. All that Microsoft needed to do to get it standardized was publish the code in Windows they were using which would then reveal all the undocumented stuff. MS refused, and without a reference implementation, the effort died.

Anyway, you can look all of this history up but hopefully you now understand why a reference is required.

I don’t have a ham license, I’m terrible at rote memorization and could never get past the Morse code requirement when I was younger, but I read the ARRL handbook cover to cover 45 years ago. Hams today have it so easy, I doubt many of the young ones have ever seen a radio with complete -analog- signal processing from microphone to antenna, unless you are into restoring antique radio gear that is, I’m sure it’s all signal processed now and handed off to the final amplifier stages and nowadays the only analog part you have to know is the antenna.

Anyway, you have my opinion and experience, and you can do with it what you will. Hopefully what you’re doing is welcomed as helpful by the other members of the ham community. Good luck!

So what? It’s not the client systems that have to worry about getting CA-issued certs. Which is what we’re talking about here. Those Windows machines are mostly just dumb terminals running browsers, nothing more.

Then why do businesses pay them money, if they get nothing in return?

I don’t see why I should feel any sympathy for their accumulation of technical debt. Remember, you were the one who was complaining:

Either their IT infrastructure is a crucial strategic asset to their business, or it is seen as just some inevitable overhead they have to put up with, like taxes or mob protection money or something.

If it is a crucial strategic asset to their business, then the successful companies will be the ones who make wise investments in this area, because to put up with mediocrity will hurt their competitiveness. So the suboptimal, flaky systems get taken out of service, one way or the other.

I suspect the real reason that insurers don’t like free services is that the service has no money, so they can’t transfer the loss up the supply chain by suing the supplier. That’s also why more general businesses use professional services. The service may get things just as wrong as they would on their own, but the service has professional liability insurance.

Insurers are well aware of the risks — they have detailed statistics on the frequency of various kinds of payouts, since that’s a key factor in how they calculate premiums — and decide what (and whom) to insure. Every one of those risks represents another hit on their pocket, where it hurts. So they would know exactly how often certs get compromised, and what the cost of those breaches are.

In the beginning of the use of SSL/TLS, we had CRLs. Then over time it was discovered that these were not really very effective., So OCSP was introduced. Then, over more time, it was discovered that this was, if anything, even less effective than CRLs.

So the dilemma now is what to do. The only real answer seems to be to shorten the validity time of issued certs. This reduces the exposure window in the event of a cert compromise.

And by “shorten”, we mean “drastically shorten”. Some security experts are talking about validity durations as short as a week.

Now, doing certificate renewals by hand at this sort of frequency is totally impractical — the only way to manage it is through automation. That favours CAs that use automated processes anyway, like Let’s Encrypt. So it seems clear this represents the future of CA-issued TLS/SSL certs.

And the fact that forcing automation means the CAs don’t have to employ as many humans answering the phone has NOTHING to do with it, (thus raising their profits) oh, no no no no noooooo… Never could be about the money!!! After all the CA’s goal in life is not to make filthy lucre, not at all, it’s solely to make the Internet better. After all, all the people who work at them subsist off ground tree bark, and nuts in the forest…

“…Some security experts are talking about validity durations as short as a week…”

Oh please. Cry me a river.

It amazes me how many people today have never seen the (admittedly corny) movie Wargames. Among all the fun stupid nerdy stuff a very good point was slipped in about the stupidity of completely removing humans from the equation - a point that most of the people pushing AI conveniently ignore.

Give me an automated system with no humans involved and I’ll give you a bank account fed from a Salami scheme I install into that system that will NEVER be discovered and never run out of money.

(if the point escapes you - give me root on a *unix system with certbot on it and I’ll give you a system that emails the vital bits to my cracker farm every time that cert is updated, even if the update is done every 10 minutes)

Looks reasonable. Happy to write a PR on the Asterisk side to add support if you’d like.

Every professional cloud service (google, et. al) I’ve ever contracted with buries a liability exclusion in their TOS so I have to discount that. Interesting try, though.