[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says
diana at voip.null.ro
Sun Dec 10 16:51:57 GMT 2006
This is why we decided to support Jingle in Yate. Jingle has the
advantage that it has a mechanism that works against spam (the dialback
system existing in Jabber), better than any other VoIP protocol that i
know, and it also has support for IM, and gateways to the main existing
networks, and probably in the future we will be able to build gateways
In the end i can say that i do hope for better networks, but security
has never been a mainstream issue, and i doubt it will become very soon.
So any protocol that wants to have a chance this days has to provide
more than security.
P.S. In H.323 haft of the bugs have been in ASN.1 parser, because that
protocol is too difficult to implement.
Simon Horne wrote:
>I have to agree with Richard, those on this list know there are currently
>functioning, workable VoIP solutions (and have been for many years) which
>have security built in from the get-go including SMA and H.323. You can't
>blame the programmer if the protocol he/she has to work with does not have
>the native capacity to support the required security the programmer is
>trying to program. Its not the programmers fault.
>Lets be honest. The market has chosen to adopt a protocol which is very
>difficult to secure (as it has no native security support itself). That
>choice may come back to haunt the entire industry.
More information about the Voipsec