[VOIPSEC] 4G Issue Map: signaling complexity - more
Simon Horne
s.horne at packetizer.com
Thu Aug 31 13:42:58 CDT 2006
Henry
URI's are almost identical to ENUM except you send a different
representation to the DNS server. You can call someone exactly the same
with either (IM,video whatever). You even chain them so the ENUM record
points to a URI. The problems are exactly the same. They both point to the
same public access point of the network, What if the person your trying to
call hasn't opened their network up to the public Internet for security
reasons? What if the person your calling is behind a NAT?
Exactly the same thing, exactly the same problem.
On good point about using numeric numbering systems, it makes routing
through organizational geographic networks a lot easier as you can quickly
determine the route to send the requests based on the applicable prefix
instead of blindly sending requests to all servers hoping one will reply.
Simon
At 11:48 PM 31/08/2006, you wrote:
> > ENUM is going to a failure for 3 main reasons
>
>Well, there may be another reason:
>
>Tying advanced communication to the broken phone numbers addressing
>system instead of using Internet style URIs is pathetic. My two SIP
>phones and several SIP UAs on the desk allow me to speak to anyone else
>on the Internet, see their presence, IM, do video, etc.
>
>My Skype clients and Skype cordless phone can connect me to >100M users
>without phone numbers. Skype deserves a mention here since it is living
>proof that P2P networks with their own addressing can be very
>successful. This is useful to remember just in case the DNS get
>perverted by walled garden networks...
>
> >3. Nobody wants to pay for an ENUM service.
>
>Right. All IP-IP calls are free anyway.
>
>Forgive me for shouting: THE EMPEROR HAS NO CLOTHING.
>
>Thanks, Henry
>
>-----Original Message-----
>From: Simon Horne [mailto:s.horne at packetizer.com]
>Sent: Wednesday, August 30, 2006 9:15 PM
>To: Geoff Devine; Michael Slavitch; Paul E. Jones
>Cc: bill at flanagan-consulting.com; Henry Sinnreich; Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] 4G Issue Map: signaling complexity - more
>
>
>ENUM is going to a failure for 3 main reasons
>
>1. Most VoIP networks are very little security and almost no call party
>authentication. Some VoIP protocols are securable to some extent but
>others
>like SIP are far far more complex. Just detecting the vulnerabilities of
>
>protocol is not good enough, there needs to be solutions to combat
>Internet
>telephony SPAM or Phishing before services like ENUM or public URI could
>
>even be considered. The guys offering ENUM services are fighting a
>losing
>battle convincing SIP vendors to implement TLS (although not a complete
>solution) but it seems in the main part, the problem is being avoided
>and
>the easier fortified bridged VoIP Islands approach seems to be is the
>way.
>
>2. Some will argue there's no revenue in providing ENUM services. There
>is
>more money charging fractions of cents for providing bridging services.
>But
>the big question is, after spending years building the bridges and
>installing expensive equipment, are customers willing to pay for a
>service
>that they were told was "free" or "near free". The Boeing in-flight
>Internet access is a prime example. The service was great, had great
>promise just no-one wanted to pay for it.
>
>3. Nobody wants to pay for an ENUM service. APRA have priced themselves
>out
>of whatever market they were trying to create, It's so easy to setup an
>ENUM service. There are already www.e164.org and www.e164.info for
>instance
>who offer the service for free.
>
>
>Now with that said, what are the opportunity costs of not tackling the
>security problems of standard based protocols like SIP and not opening
>networks up to the public internet? Possibly a lot more than the cost of
>
>providing expensive VoIP bridges that perhaps no-one wants to pay for,
>it
>could be billions...one easy example is Google and E-Bay recent
>partnership
>to provide click to call and pay per call services for web advertisers.
>Huge opportunity lost...
>
>Simon
>
>At 09:11 AM 30/08/2006, Geoff Devine wrote:
> >I also think ENUM is going to be a total failure. People will stay
>with
> >their trusted service providers to avoid getting SPAM phone calls at 3
> >AM from somebody claiming to be General Mubuti in Nigeria but who is
> >actually trying to scam their bank account or sell them erectile
> >dysfunction drugs. ENUM-like services that reference private databases
> >administered by those trusted service providers will be the norm rather
> >than a free-for-all e164.arpa.
> >
> >
> >
> >Geoff
> >
> >
> >
> >
> >
> >________________________________
> >
> >From: Michael Slavitch [mailto:slavitch at gmail.com]
> >Sent: Tuesday, August 29, 2006 5:16 PM
> >To: Paul E. Jones
> >Cc: stuart jacobs; bill at flanagan-consulting.com; Henry Sinnreich;
> >Voipsec at voipsa.org; Geoff Devine
> >Subject: Re: [VOIPSEC] 4G Issue Map: signaling complexity - more
> >
> >
> >
> >One more short note before closing off my contribution to this thread:
> >
> >
> >
> >While the telecoms carriers are looking at the cable companies, a far
> >bigger threat will come from companies like Akamai:
> >
> >
> >
> >http://www.akamai.com/
> >
> >
> >If many-to-many conferencing, SIP ENUM peering and one-to-many live
> >video needs geographically distributed CPU's, such vendors have all
>that
> >is needed in hand.
> >
> >
> >
> >_______________________________________________
> >Voipsec mailing list
> >Voipsec at voipsa.org
> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list