[VOIPSA Best Practices] Welcome to the VOIPSA Best Practices project... and some weekend reading for you all (if you get this)

Eric Chen eric.chen at lab.ntt.co.jp
Mon Dec 4 04:06:09 CST 2006 

Hi Dan,

My answers to some of your questions:

1) References:
To add to Raul's list of books, the following is my favorite.

- Understanding Voice over IP Security
by Alan B. Johnston, David M. Piscitello
Artech House Publishers (ISBN:1596930500)
http://hhi.corecom.com/understandingvoipsecurity.htm

2) Structure:
Since each section will be managed by a different section leader, we may want to minimize the possibility of overlapping contents.  Like Raul, I vote for "2. Segment into functional areas".  If we go with the other structures (1.taxonomy and 3.components), we may end up having descriptions of the same practices in various sections, written by different members.  It may take a lot of efforts to maintain the overall consistency.

To make cross-references to TT easy, we can later come up with a table that maps all threats to their corresponding solutions.  For example,

				Best Practices
---------------------------------------------------------
Eavesdropping			 
	Call Pattern Tracking	Sections 2.1, 2.2
	Number Harvesting	Sections 2.1, 2.3
	....
---------------------------------------------------------
Social Threats
	Theft of Services	Section 1.1
	....

3) Audience
Looks fine to me.

4) and 5) Roles
Looks fine to me.  I would like to volunteer for leading a section.  I am interested in "securing call control" (first preference) and "securing media stream" (second preference).

- Separate documents for enterprise and carrier needs?
I like Raul's idea.  I think we should stay with a single document to minimize managerial efforts and overlapping contents, at least for the first version.  Having subsections that describe the differences seems sufficient for now.  We can always split it later if it seems fitting.  In my opinion, splitting a document is easier than integrating different documents into one.

Hope this helps

Eric

-----
Eric Y. Chen <eric.chen at lab.ntt.co.jp>
NTT Information Sharing Platform Laboratories
PGP Key ID: 0xD2A58AE8
Fingerprint: DAB9 19A8 C634 6713 A7F4 F67A B173 1AC3 D2A5 8AE8
-----

More information about the bestpractices mailing list