[VOIPSEC] the quality of voip vs. the worthless completely brokenmess

Henry Sinnreich hsinnrei at adobe.com
Mon Dec 11 15:06:45 GMT 2006

Albert writes:

>almost all the time, make most voip communications
>(here) worse than leaky-cable hand-mediated trunk calls of old

This statement shows total confusion between the minimal quality
Internet broadband access and VoIP quality.

I have found that's using SIP phones for years now and also recently
Skype 3.0 between Texas and several countries in Europe and Asia not
only to provide flawless VoIP but SIP based eyeBeam and Skype now also
have full screen crisp video good enough to make seeing the family a
true pleasure.

Just get decent Internet access and try SIP based eyeBeam and/or Skype
as proof what a good VoIP implementation really is. Don't blame VoIP as
long as you don't have proper Internet access.

As for security, encrypted P2P Skype is safer than anything other
networks can provide.
For SIP you have the ZRTP based Zfone (http://zfoneproject.com/) that
ensures pretty good security.

Thanks, Henry

-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of Albert
Sent: Monday, December 11, 2006 8:12 AM
To: voipsec at voipsa.org
Subject: [VOIPSEC] the quality of voip vs. the worthless completely


I would be happy if all my voip calls were as good in quality as the
messages sent through the "worthless completely broken mess which is

The reality is that most times, echo, loss of spectrum, wow and flutter
plain background NOISE, not to mention occasional fragments of someone
else's conversation, almost all the time, make most voip communications
(here) worse than leaky-cable hand-mediated trunk calls of old.

By the way, noisy pstn local calls, interception of conversation held
"portables" etc... were not at all unusual, in my experience not even
long ago. Not long ago, an important resource for a personal assistant,
called secretary or phone operator, was a small collection of spelling
alphabets e.g. alpha, bravo, charlie, delta, echo, foxtrot etc...  so as
be able to spell things out properly over the flaky lines.

Was this a worthless completely broken mess too?

With microwave and satellite repeaters, huge bandwidth and electronic
switching, new norms were possible and those days are now over for pstn.

The most interesting comment in this context was made by  Geoff Devine
Cedarpoint and repeated by "Vijay K. Gurbani" of Alcatel-Lucent - that
current PSTN quality, security and reliability was developed with
money and near-infinite budgets.

Could the aim of this group thus be to devise ways to get serious
for secure VOIP too - ITU/IETF and security teams around the telephone
internet networks! ??

What do the readers receiving the output of a completely worthless
mess think?


2006/12/11, voipsec-request at voipsa.org < voipsec-request at voipsa.org>:
> Send Voipsec mailing list submissions to
>        voipsec at voipsa.org
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> or, via email, send a message with subject or body 'help' to
>        voipsec-request at voipsa.org
> You can reach the person managing the list at
>        voipsec-owner at voipsa.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Voipsec digest..."
> Today's Topics:
>   1. Re: [SearchSecurity.com] Better VoIP training   needed, SANS
>      director says (Simon Horne)
> ----------------------------------------------------------------------
> Message: 1
> Date: Mon, 11 Dec 2006 03:34:08 +0800
> From: Simon Horne < s.horne at packetizer.com>
> Subject: Re: [VOIPSEC] [SearchSecurity.com] Better VoIP training
>        needed, SANS director says
> To: Diana Cionoiu < diana at voip.null.ro>,Simon Horne
>        <s.horne at packetizer.com>
> Cc: Voipsec < Voipsec at voipsa.org>
> Message-ID: < at mail.isvo.net >
> Content-Type: text/plain; charset="us-ascii"; format=flowed
> Diana
> I totally agree, security is not a mainstream issue until it starts to
> become an issue, then of course it's all too late.
> On the topic of IM have you had a chance to read my proposal and
> document H.460.tm <http://h.460.tm/> (Text Messaging)
> http://www.packetizer.com/voip/h323/doc_status.html
> It is completely backwards interoperable. You can have two softphone
> connected to an old cisco network and be able to exchange text
> between eachother.  Gives you something to think about :-)
> >P.S. In H.323 haft of the bugs have been in ASN.1 parser, because
> >protocol is too difficult to implement.
> This is a kinda funny statement to make given you previous post on the
> topic..:-)  There are quite a few (as you know) very good ASN.1
> available in both open source and can be purchased. For instance it
> me
> no more than about 5 minutes (serious) to upgrade my code from H.323v5
> H.323v6 using an open source ASN.1 C++ parser and ASN.1 definitions
> straight out of the standards documents. Once you have a decent parser
> then
> building is just a snap. Understanding how it all works is a different
> story. The protocol is extremely complicated (in some areas overly
> complicated) but it was designed to accommodate most requirements of a
> VoIP
> system including PSTN interoperability and security framework from the
> very
> beginning. Trying to add these features later on can be just as
> or more difficult to implement.
> I personally have used the existing security framework of H.323 to
> embedding digital certificates for authentication, diffie-hellmen keys
> media encryption, caller credentials (username/password) for border
> admission etc into pre-existing standard signalling messages and
> successfully deployed these devices interoperablity in pre-existing
> networks. This isn't rocket science, if a flexible security framework
> exists than with a bit of effort it is possible, if it does not then
> securing that VoIP network, at best is difficult and potentially
> wholesale upgrading endeavor or at worst a worthless completely broken
> mess
> like email.
> Simon
> At 12:51 AM 11/12/2006, Diana Cionoiu wrote:
> >Hello Simon,
> >
> >This is why we decided to support Jingle in Yate. Jingle has the
> advantage
> >that it has a mechanism that works against spam (the dialback system
> >existing in Jabber), better than any other VoIP protocol that i know,
> >it also has support for IM, and gateways to the main existing
> >and probably in the future we will be able to build gateways for
> >In the end i can say that i do hope for better networks, but security
> >never been a mainstream issue, and i doubt it will become very soon.
> >any protocol that wants to have a chance this days has to provide
> >than security.
> >
> >Diana Cionoiu
> >
> >P.S. In H.323 haft of the bugs have been in ASN.1 parser, because
> >protocol is too difficult to implement.
> >
> >Simon Horne wrote:
> >
> >>I have to agree with Richard, those on this list know there are
> currently
> >>functioning, workable VoIP solutions (and have been for many years)
> which
> >>have security built in from the get-go including SMA and H.323. You
> can't
> >>blame the programmer if the protocol he/she has to work with does
> >>have the native capacity to support the required security the
> >>is trying to program.  Its not the programmers fault.
> >>
> >>Lets be honest. The market has chosen to adopt a protocol which is
> >>difficult to secure (as it has no native security support itself).
> >>choice may come back to haunt the entire industry.
> >>
> >>Simon
> ------------------------------
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> End of Voipsec Digest, Vol 24, Issue 7
> **************************************
Voipsec mailing list
Voipsec at voipsa.org

More information about the Voipsec mailing list