[VOIPSEC] VOIP for free??

[Robert Moskowitz]

At 04:09 PM 4/8/2005, Andrew Graydon wrote:
>This is a very interesting point ! One of my observations on the regulatory
>issues of emergency services is that this is still an ongoing issue with
>cellphones, in fact many landline systems still have problems in
>transporting the ANI number across multiple hops, and cellphone to landline,
>cellphone roaming and many other scenarios still have problems here (think
>of the UNKNOWN caller id you frequently see). Does this mean that all of
>these systems will ultimately be shut down ;)

We already hashed the localitiy issue.

Can only be addressed with authenticated GPS.  This would also give 
elevation in sky scrapers.

Could a country block all VoIP traffic across its borders (expect 
approved)?  With limited success; RIPE blocked CeeUCeeMe to get them to put 
flowcontrol into the application.  This is before we figured out RED 
(Random Early Discard, back in the days when an ISP would drop some of Tony 
Li's IOS patches into their routers and reboot).  But now most countries 
(China is an exception) have to many cross-boarder links that are running 
too fast to do effective packet filtering.

And we already covered tunneling protocols.

Now if EVERY VoIP provider required that only GPS enabled phones were used, 
then it might be possible to control vocality on a gross level.

As we move toward putting some electrons in an ordered fashion, we have to 
document what cannot be cost-effectively done (device locality), as this 
will have a direct impact on the risk models.



Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
E:      rgm at icsalabs.com

There's no limit to what can be accomplished
if it doesn't matter who gets the credit