[VOIPSEC] voip security in general

Diana Cionoiu diana-liste at voip.null.ro
Fri Feb 11 08:01:15 CST 2005


Hello,

I'm watching the list and what I've understood until now is this:
1. H323 is a good protocol if you must translate ISDN or SS7 signaling
into VoIP; this is why carriers love it. But it doesn't pass NAT well, is
difficult to implement (right now because of OpenH323 - thanks to Craig
and Robert, it is not such a problem any more), which has led to huge
problems in the past. It lacks IM. It has a lot of implementations.

2. SIP is the real VoIP protocol; it is flexible and powerful. Carriers
don't use it much because it doesn't have equivalents for all commands and
codes for ISDN. The equipment is cheap and is becoming cheaper and
cheaper. The implementations (at least those in Linux) are rubbish, in
most cases lack features, and a lot of them also lack stability (at least
those that I have tried). It has IM support including subscription,
notify. It also has a lot of problems on passing the NAT but is much
easier than H323, because it is text, not binary.

3. IAX is not only a signalling protocol like H323 and SIP but also
carries media on the same port. It is good because it passes the NAT. But in
fact IAX has the same problems as Asterisk (IAX stands for Inter
Asterisk Exchange); it is a PSTN PBX with support for VoIP (like in fact most
of the solutions). Now don't get me wrong. Because of that IAX is solving
the NAT problem. Even encrypted it will pass the NAT, which is great. It
doesn't have IM (it has text messages). At the same time you can't have
a proxy just for signalling (like in H.323 or SIP), or just for RTP. For
IM there exists an extension made by Firefly but I didn't see any RFC. I must
admit I didn't ask for one and the Firefly company is willing to work with
other companies on that standard.


Regarding the security:
1. H.323 has an H.245 encrypted tunnel, and I don't know anything about RTP.
(Maybe someone else can explain to me what should happen here.)
2. SIP can be encrypted with TLS and for RTP can use sRTP. I know a few
implementations; I have no idea how well they are working.
3. IAX, even if it is the easiest for solving the encryption problem,
didn't have this feature until recently. There is no RFC or a clear idea about how
this should be done.

I don't know yet if it is worth encrypting the signalling. If it doesn't, SIP
is as good as IAX on passing NAT.

Diana Cionoiu
http://yate.null.ro - Free Software for Telephony

P.S. Let's not have this degrade into a flamewar since each protocol has
its market.



