[VOIPSEC] VOIP for free??

Diana Cionoiu diana-liste at voip.null.ro
Fri Apr 8 16:00:39 CDT 2005 

Hello Robert,

In fact i think that a combination of ENUM together with "DNS Encoding of 
Geographical Location" (http://www.faqs.org/rfcs/rfc1712.html) can actualy 
solve that. The location problem is not imposibile to solve it just 
require the user to declare to the phone company where is located insted 
of the phone company to know where the user is located.
But that require some good will from companies and from users.

Diana

P.S. 911 is not a security issue . RTP is not trivial to be listen, 
and anyway who can listen you phone calls also can see your yahoo, icq, 
msn,irc  messages, so i think first we should solve those things and then 
go after plain VoIP.


> At 04:09 PM 4/8/2005, Andrew Graydon wrote:
> >This is a very interesting point ! One of my observations on the regulatory
> >issues of emergency services is that this is still an ongoing issue with
> >cellphones, in fact many landline systems still have problems in
> >transporting the ANI number across multiple hops, and cellphone to landline,
> >cellphone roaming and many other scenarios still have problems here (think
> >of the UNKNOWN caller id you frequently see). Does this mean that all of
> >these systems will ultimately be shut down ;)
> 
> We already hashed the localitiy issue.
> 
> Can only be addressed with authenticated GPS.  This would also give 
> elevation in sky scrapers.
> 
> Could a country block all VoIP traffic across its borders (expect 
> approved)?  With limited success; RIPE blocked CeeUCeeMe to get them to put 
> flowcontrol into the application.  This is before we figured out RED 
> (Random Early Discard, back in the days when an ISP would drop some of Tony 
> Li's IOS patches into their routers and reboot).  But now most countries 
> (China is an exception) have to many cross-boarder links that are running 
> too fast to do effective packet filtering.
> 
> And we already covered tunneling protocols.
> 
> Now if EVERY VoIP provider required that only GPS enabled phones were used, 
> then it might be possible to control vocality on a gross level.
> 
> As we move toward putting some electrons in an ordered fashion, we have to 
> document what cannot be cost-effectively done (device locality), as this 
> will have a direct impact on the risk models.
> 
> 
> 
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W:      248-968-9809
> F:      248-968-2824
> E:      rgm at icsalabs.com
> 
> There's no limit to what can be accomplished
> if it doesn't matter who gets the credit
> 
>

More information about the Voipsec mailing list