[VOIPSEC] Voipsec Digest, Vol 12, Issue 24
Mark Baugher
mbaugher at cisco.com
Mon Jan 2 09:32:56 CST 2006
hi Henry,
On Dec 28, 2005, at 7:05 AM, Henry Sinnreich wrote:
>> You can't sell expensive phones or nobody will be your customer
>
>
>
> Check out the Skype phones, (or the Nimcat/Avaya or Peerio PBX
> phones).
>
> There is no central call routing and the phones are both secure and
> affordable.
I have not found a public description of Skype security and for that
reason would not claim that they are secure. In fact, what I have
read about Skype security leads me to conclude that there is too much
that is hidden from the user for Skype to be considered secure.
Mark
>
>
>
> Both the business models and the platforms (no VoIP infrastructure)
> are
> different though from the "carrier" model, and this changes the
> security
> model and cost in a fundamental way.
>
>
>
> Let the flames come! :-)
>
>
>
> Thanks, Henry
>
>
>
>
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-
> bounces at voipsa.org] On
> Behalf Of Voipsec-request at voipsa.org
> Sent: Wednesday, December 28, 2005 6:00 AM
> To: Voipsec at voipsa.org
> Subject: Voipsec Digest, Vol 12, Issue 24
>
>
>
> Send Voipsec mailing list submissions to
>
> Voipsec at voipsa.org
>
>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> or, via email, send a message with subject or body 'help' to
>
> Voipsec-request at voipsa.org
>
>
>
> You can reach the person managing the list at
>
> Voipsec-owner at voipsa.org
>
>
>
> When replying, please edit your Subject line so it is more specific
>
> than "Re: Contents of Voipsec digest..."
>
>
>
>
>
> Today's Topics:
>
>
>
> 1. VoIP vulnerabilities summarization (david.castro)
>
>
>
>
>
> ----------------------------------------------------------------------
>
>
>
> Message: 1
>
> Date: Tue, 27 Dec 2005 16:12:14 +0100
>
> From: "david.castro" <david.castro at adianta.net>
>
> Subject: [VOIPSEC] VoIP vulnerabilities summarization
>
> To: Voipsec at voipsa.org
>
> Message-ID: <43B159CE.8030706 at adianta.net>
>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
>
> Hello, I'm David.
>
> I've just read your interesting "chat", and I learned a lot, but I'd
>
> like make a question about SIP.
>
> Let's imagine you are making an IP phone-operator. You have a central
>
> access point (server SIP and gateway to PSTN), or several access
> points
>
> across internet. You can sell to your customers a IP-phone, so they
>
> don't have a computer run to chat on the phone. You can't sell
>
> expensives phones or nobody will be your customer, so the phones
> hasn't
>
> TLS, IPSEC or proxy SIP, because they are connecting direct to
> access point.
>
> How do you protect this scenario?
>
> I'm using login/password in register request, but in other request I
>
> can't by the phones. What would you do?
>
> Thanks
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
>
> Voipsec mailing list
>
> Voipsec at voipsa.org
>
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
>
>
> End of Voipsec Digest, Vol 12, Issue 24
>
> ***************************************
>
>
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list