[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says

Diana Cionoiu diana at voip.null.ro
Sun Dec 10 16:51:57 GMT 2006


Hello Simon,

This is why we decided to support Jingle in Yate. Jingle has the 
advantage that it has a mechanism that works against spam (the dialback 
system existing in Jabber), better than any other VoIP protocol that i 
know, and it also has support for IM, and gateways to the main existing 
networks, and probably in the future we will be able to build gateways 
for audio.
In the end i can say that i do hope for better networks, but security 
has never been a mainstream issue, and i doubt it will become very soon. 
So any protocol that wants to have a chance this days has to provide 
more than security.

Diana Cionoiu

P.S. In H.323 haft of the bugs have been in ASN.1 parser, because that 
protocol is too difficult to implement.

Simon Horne wrote:

>I have to agree with Richard, those on this list know there are currently 
>functioning, workable VoIP solutions (and have been for many years) which 
>have security built in from the get-go including SMA and H.323. You can't 
>blame the programmer if the protocol he/she has to work with does not have 
>the native capacity to support the required security the programmer is 
>trying to program.  Its not the programmers fault.
>
>Lets be honest. The market has chosen to adopt a protocol which is very 
>difficult to secure (as it has no native security support itself). That 
>choice may come back to haunt the entire industry.
>
>Simon
>



More information about the Voipsec mailing list