[VOIPSA Best Practices] DTMF and quality monitoring... RE: Best Practices document structure set - next question: are these the appropriate areas?

dan_york at Mitel.com dan_york at Mitel.com
Fri Jan 19 10:34:50 CST 2007 

Greg,

Thanks for contributing the great comments.  Responses:

9. As I mentioned in my response to Raul, I do want to watch for "scope 
creep".  I think we have to keep the scope of the document as tightly 
focused on VoIP as we can... or we're going to wind up taking an awfully 
long time to complete it.  So my concern with the "periphery", as you so 
aptly put it, is that we just need to be cautious how much we add in.

9a. Yes, I think there's a place for those *as they pertain to usage by 
typical VoIP servers*.

9b. I'm not sure on this personally.  It would seem that these apps are 
really using signaling connections and media connections, and so they 
would fall under those appropriate sections.  Which is to say that  the 
sections on "Securing Call Control" and "Securing Media" should probably 
take into account the use of those connections by applications.

10. I'll confess to not knowing enough about securing DTMF to really 
answer this.  In my simplistic view, isn't DTMF transmitted in either the 
media or signaling stream?  And so if we secure those streams are we not 
also securing DTMF?  Or do those only secure the *transport* (and 
confidentiality/integrity) of DTMF and there is another aspect we need to 
worry about? 

In general, I would say that items that span multiple categories should be 
*considered* in developing the best practices for each relevant category. 
For example, in developing a best practice for securing call control, we 
would need to be sure it allowed the proper sending of DTMF.

11.  Interesting point.  Certainly "availability" is a security concern 
and *part* of that relates to quality assurance.  But I don't know how far 
we want to go down that road... we want to focus on helping people 
understand how to have a *secure* VoIP system, but not necessarily 
instructing them on how to have one with *excellent* audio quality. 

I don't know... what do others think?  How important should we stress 
quality assurance?

Thanks again for contributing the comments,
Dan






"Greg Scallan" <spider at tellme.com>
01/19/2007 08:14 AM
 
        To:     <dan_york at Mitel.com>
        cc:     <bestpractices at voipsa.org>
        Subject:        RE: [VOIPSA Best Practices] Best Practices 
document structure set - next question: are these the appropriate areas?


This list looks pretty exhaustive in terms of covering all the primary 
components. Here are some additional items to contemplate:
 
9) There are some items on the periphery we may want to touch upon 
somewhere since ensuring they are appropriately secured needs to be 
contemplated by those building out VoIP networks. Such as:
 
a)       securing dependent systems and protocols (such as when using DNS 
as per RFC 3263 or NTP).
b)      Securing VoIP Applications (such as CCXML or VoiceXML apps that 
invoke VoIP related services and manage and have access to VoIP signaling 
and media data)
 
10) What about features that span many of the categories below, such as 
the multitude of ways to do DTMF?  Should we have separate sections on 
best practices to transport DTMF end to end, or talk about it in each 
section, referring to other ways of securing it?
 
11) How about BP for securing active and passive media quality assurance 
systems, as these devices play a critical role for any service oriented 
network being monitored?
 
greg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://voipsa.org/pipermail/bestpractices_voipsa.org/attachments/20070119/bcd71130/attachment.htm>

More information about the bestpractices mailing list