[VOIPSEC] SIP B2BUA and Digest Authentication using
Randell Jesup
rjesup at wgate.com
Tue Nov 8 03:34:30 GMT 2005
Simon Horne <s.horne at packetizer.com> writes:
>At 02:43 PM 6/11/2005, Christopher A. Martin wrote:
>>Question, for your product, has this introduced any of the items that
>>people in the past have claimed would be a detriment? e.g, PKI would slow
>>things down too much for people to accept the delays caused by it during
>>call setup...
>
>No, not at all, even to me this was initially surprising. There is virtually no
>noticeable delay in call setup (under 1 sec). The implementation from the
>start was designed and effort put in to avoid delays. All key management is
>handled multi threaded and quite separate from call processing. The TLSv1
>negotiation is compressed into 2 messages, 1 in each direction and the
>encryption engine uses assembler routines to speed up
>ciphering/deciphering. Also since the session encryption key (using
>Diffie-Hellman) is negotiated prior to the caller answering, there is no
>2-3 sec delay at the start of the call.

Negotiating the DH key prior to call setup may lead to DoS
vulnerabilities, at a random guess.

1 second (on what?) is good - except when users expect way less
than 1 second delays. From what I've seen, 200-300ms would seem to be
the upper bound for a hardphone given users' expectations. It's a lot
better than 2-3 seconds, of course.

--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com