[VOIPSEC] RE: TLS as the SIP security mechanism

Hadriel Kaplan HKaplan at acmepacket.com
Thu Aug 11 08:09:04 PDT 2005


Actually, of the top 10 Tier-1 IP core networks in the world, I know of at
least 4 carriers that experienced network-wide failures in the past 6 or 7
years.  I used to work at a vendor whose product caused one of the outages
(although the outage duration was brief), and the other 3 carriers
specifically tested the failure cases that took down their networks (other
vendor's products caused those).  If I know of 4, there are probably a lot
more.  In terms of specific route failures (not network-wide) they occur
fairly frequently as you know.
Also, general DNS service failed 3 years ago, during a DDoS attack against
the root servers. (although the net effect due to caching is unknown, and
clearly for SIP service caching is involved)

But I'm not arguing that the system is flawed - just saying we shouldn't be
over-confident.

-hadriel
"Don't be too proud of this technological terror you've constructed" - DV.


-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Brian Rosen
Sent: Wednesday, August 10, 2005 11:13 AM
To: 'Dave Pascua'; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] RE: TLS as the SIP security mechanism

However, DNS has not failed in, I don't know, something like 15 years.   I
don't think there has been a failure of any Tier 1 Internet provider's core
network in at least 10 years, probably longer.  The access networks are not
as reliable, and we definitely need more work there.  





More information about the Voipsec mailing list