[VOIPSEC] Voipsec Digest, Vol 8, Issue 26

Robert Moskowitz rgm at icsalabs.com
Fri Sep 16 12:39:05 CDT 2005


At 12:03 PM 9/16/2005, Randell Jesup wrote:

>         Careful: This is _answer_ delay.  Time from picking up a ringing
>phone until you can talk.  That needs to be in the 100-200ms range to avoid
>usability/user-expectation problems.  Even cellphone users assume answering
>is 'fast'.  Note that the DH can be part of the normal call setup via
>mikey/etc, so you may not need extra round-trips (or not two of them).

Perhaps I need to go back and look at what point in the exchange 
ringing starts, and what has to wait until after call pickup.  I 
would naively think that most of the keying COULD be done during 
ringing.  Of course if the call is answered on the first ring...

Now there are certain security risks to start keying before the call 
is accepted.  Where is the balance?

>         2^31 RTCP @ 5 seconds/per ~= 2041 _years_.
>         2^48 RTP  @ 50/sec ~= 178388 _years_, or 178 millennia.
>
>         I don't see rekeying being needed in many calls...

Yeah.  I did not make myself clear enough.  If you have to support 
10Gb pipes, you better plan on rekeying.  Otherwise, you will 
probably never reach the rekeying point.  For this reason we pulled 
rekeying of the pairwise keys out of 802.11i.


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
VoIP:   248-291-0713
E:      rgm at icsalabs.com

There's no limit to what can be accomplished if it doesn't matter who 
gets the credit
