[VOIPSEC] 4G Issue Map: signaling complexity - more

Simon Horne s.horne at packetizer.com
Wed Aug 30 21:15:05 CDT 2006 

ENUM is going to a failure for 3 main reasons

1. Most VoIP networks are very little security and almost no call party 
authentication. Some VoIP protocols are securable to some extent but others 
like SIP are far far more complex. Just detecting the vulnerabilities of 
protocol is not good enough, there needs to be solutions to combat Internet 
telephony SPAM or Phishing before services like ENUM or public URI could 
even be considered. The guys offering ENUM services are fighting a losing 
battle convincing SIP vendors to implement TLS (although not a complete 
solution) but it seems in the main part, the problem is being avoided and 
the easier fortified bridged VoIP Islands approach seems to be is the way.

2. Some will argue there's no revenue in providing ENUM services. There is 
more money charging fractions of cents for providing bridging services. But 
the big question is, after spending years building the bridges and 
installing expensive equipment, are customers willing to pay for a service 
that they were told was "free" or "near free". The Boeing in-flight 
Internet access is a prime example. The service was great, had great 
promise just no-one wanted to pay for it.

3. Nobody wants to pay for an ENUM service. APRA have priced themselves out 
of whatever market they were trying to create, It's so easy to setup an 
ENUM service. There are already www.e164.org and www.e164.info for instance 
who offer the service for free.


Now with that said, what are the opportunity costs of not tackling the 
security problems of standard based protocols like SIP and not opening 
networks up to the public internet? Possibly a lot more than the cost of 
providing expensive VoIP bridges that perhaps no-one wants to pay for, it 
could be billions...one easy example is Google and E-Bay recent partnership 
to provide click to call and pay per call services for web advertisers. 
Huge opportunity lost...

Simon

At 09:11 AM 30/08/2006, Geoff Devine wrote:
>I also think ENUM is going to be a total failure.  People will stay with
>their trusted service providers to avoid getting SPAM phone calls at 3
>AM from somebody claiming to be General Mubuti in Nigeria but who is
>actually trying to scam their bank account or sell them erectile
>dysfunction drugs.  ENUM-like services that reference private databases
>administered by those trusted service providers will be the norm rather
>than a free-for-all e164.arpa.
>
>
>
>Geoff
>
>
>
>
>
>________________________________
>
>From: Michael Slavitch [mailto:slavitch at gmail.com]
>Sent: Tuesday, August 29, 2006 5:16 PM
>To: Paul E. Jones
>Cc: stuart jacobs; bill at flanagan-consulting.com; Henry Sinnreich;
>Voipsec at voipsa.org; Geoff Devine
>Subject: Re: [VOIPSEC] 4G Issue Map: signaling complexity - more
>
>
>
>One more short note before closing off my contribution to this thread:
>
>
>
>While the telecoms carriers are looking at the cable companies, a far
>bigger threat will come from companies like Akamai:
>
>
>
>http://www.akamai.com/
>
>
>If many-to-many conferencing, SIP ENUM peering and one-to-many live
>video needs geographically distributed CPU's, such vendors have all that
>is needed in hand.
>
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list