[VOIPSEC] Identity Management and VoIP and More

Leslie Asamoa-Krodua leslie at asamoa.fi
Wed Apr 19 04:58:41 PDT 2006


Hello All,

I recently completed a major study on VoIP security initiated to  
understand the impact of this means within this enterprise. The  
bottom line is that VoIP, although ACL'd, still lacks the necessary
control and tracking because it's so easy to impersonate in the
virtual world.

I then started wondering what eminent, real world, solutions may save  
this great technology like it saved our society. I then started  
dwelling on passports and driving licenses. In all forms of the  
Internet, and maybe this is because of its simplicity or the  
intention of simplifying this technology (Internet) that such  
mechanisms of control have been avoided.

RATHER, the Internet is rigged with passwords and user names; and  
then I thought, well if that is the case; and IF simplicity is what I  
am really gunning for, would I love to log into my car before I go to  
work?

Would I like to provide my user name and password before I purchase  
an item from a store?

It's obvious isn't it? Well then why does this requirement fall on us
within the Internet? Because I would rather, and I imagine it to be  
so, shortly, not have to log into a PC to use an application. I would  
expect that the PC was like a Kiosk and I could access whatever  
application IN a PERSONALISED way.

This drew me to thinking how the talk of MIKEY for VoIP sounds like a
solution I would propose. But this problem is not limited to VoIP
only, it's everywhere and security issues are hard to resolve because
we do not know who started it! And so we cannot ask the WHY and HOW.

Well I want to be able to. And so going from Smart cards to  
Certificates embedded into 'wallets' or credit cards or house keys, I  
would like to find a way to deal with this. And enable a kiosking  
mode where personalisation and identity are managed in a different  
way, and in parallel bring that implementation to the handset or soft
client.

If VoIP could do anything for 911, it should be able to tell the  
emergency services who you are and not just where you are.

Leslie Asamoa-Krodua
Asamoa Oy
http://dev.asamoa.fi
