[VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Henry Sinnreich henry at pulver.com
Fri Jan 6 19:17:36 CST 2006 

Bob,

Some more info on P2P SIP can be found at http://p2psip.org .

Also, the References section in the recent I-D may provide more answers:

http://www.p2psip.org/drafts/draft-bryan-sipping-p2p-usecases-00.txt 

As for 
> I understand the NAT/FW traversal
> issues (which led to a surge in SBCs) as requiring some work.

What is an SBC? :-(o 

There are some open source STUN, TURN, ICE developments, such as this:

http://sourceforge.net/project/stats/?group_id=47735&ugn=stun 

Let's keep our fingers crossed for the developers curretly working on ICE
for SIP. The latest on ICE:

http://www.ietf.org/internet-drafts/draft-ietf-mmusic-ice-06.txt 

P2P SIP nodes may use ICE and some TURN media relays in the worst case, if
there are symmetric NAT in the path.

Thanks, Henry

 

-----Original Message-----
From: Bob Wise [mailto:bob at bobsplanet.com] 
Sent: Friday, January 06, 2006 2:11 AM
To: 'Kirill Bolshakov'; henry at pulver.com
Cc: 'Mark Baugher'; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Wasn't the point of SIP to enable P2P networks where the intelligence was at
the edge rather than the middle? Shouldn't P2P SIP be a phrase from the
department of redundancy department? I understand the NAT/FW traversal
issues (which led to a surge in SBCs) as requiring some work.

I'll acknowledge this is possibly somewhat off-topic for this list if folks
prefer to take this to personal email I'll understand.

-Bob

-----Original Message-----
From: Kirill Bolshakov [mailto:kirill at sjlabs.com] 
Sent: Monday, January 02, 2006 11:28 AM
To: henry at pulver.com
Cc: bob at bobsplanet.com; 'Mark Baugher'; Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Henry Sinnreich wrote:

>>Do you have any commentary on why the Skype folks chose 
>>to go the proprietary route to begin with?
>>    
>>
>
>I don't know and can only speculate their background made them develop a
P2P
>approach that was easier to invent than wait for the IETF SIP community to
>develop P2P SIP and agile NAT+FW traversal.
>
>P2P has certainly relieved Skype from paying anything at all for any VoIP
>infrastructure and for network management.
>
>Thanks, Henry
>  
>

I would add generic P2P routing issues. As soon as the protocol is 
published and the service stays free (read: no strict registration is 
required, so that no traceback to the human user is possible), a number 
of "Byzantine general" implementations will appear. To be open, the 
protocol must be tolerant to typical P2P routing attacks. Until Skype 
develops a cure against such attacks, they won't go open.

Also, to fight such attacks, the search algorithms should be more 
stochastic. This results in either higher traffic/increased load on 
participating nodes or in the increased search time.

Respectfully yours,
Kirill


> 
>
>-----Original Message-----
>From: Bob Wise [mailto:bob at bobsplanet.com] 
>Sent: Monday, January 02, 2006 10:58 AM
>To: henry at pulver.com; 'Mark Baugher'
>Cc: Voipsec at voipsa.org
>Subject: RE: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24
>
>
>Those are good links, thank you!
>
>Do you have any commentary on why the Skype folks chose to go the
>proprietary route to begin with?
>
>-Bob
>
>-----Original Message-----
>From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
>Behalf Of Henry Sinnreich
>Sent: Monday, January 02, 2006 8:22 AM
>To: 'Mark Baugher'
>Cc: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24
>
>Hi Mark and Happy New Year!
>
>You may have seen the security evaluation for Skype:
>http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf 
>
>It would be very interesting for someone who disagrees to take up this
>evaluation, item by item and provide arguments to the contrary. I have not
>not seen any arguments to the contrary, but just people who either like
>Skype and some who don't. 
>
>There is a test report though from a credible lab:
>
>http://www.networkworld.com/reviews/2005/121205-skype-test.html 
>
>In this light, Skype is probably more useful in the enterprise than the
>hypothetical risks it may represent. Are Windows and its applications less
>risky?
>
>Actuallly, Skype can significantly increase productivity IMHO and should be
>encouraged by IT untill a similar well designed application based on SIP
>will emerge. Instead of griping about Skype, I would like IETF-minded folks
>to work on a better-than-Skype P2P SIP product.
>
>Thanks, Henry
>
> 
>
>-----Original Message-----
>From: Mark Baugher [mailto:mbaugher at cisco.com] 
>Sent: Monday, January 02, 2006 9:33 AM
>To: henry at pulver.com
>Cc: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24
>
>hi Henry,
>
>On Dec 28, 2005, at 7:05 AM, Henry Sinnreich wrote:
>
>  
>
>>>You can't sell expensive phones or nobody will be your customer
>>>      
>>>
>>
>>Check out the Skype phones, (or the Nimcat/Avaya or Peerio PBX  
>>phones).
>>
>>There is no central call routing and the phones are both secure and
>>affordable.
>>    
>>
>
>I have not found a public description of Skype security and for that  
>reason would not claim that they are secure.  In fact, what I have  
>read about Skype security leads me to conclude that there is too much  
>that is hidden from the user for Skype to be considered secure.
>
>Mark
>  
>
>>
>>Both the business models and the platforms (no VoIP infrastructure)  
>>are
>>different though from the "carrier" model, and this changes the  
>>security
>>model and cost in a fundamental way.
>>
>>
>>
>>Let the flames come! :-)
>>
>>
>>
>>Thanks, Henry
>>
>>
>>
>>
>>
>>-----Original Message-----
>>From: Voipsec-bounces at voipsa.org [mailto:Voipsec- 
>>bounces at voipsa.org] On
>>Behalf Of Voipsec-request at voipsa.org
>>Sent: Wednesday, December 28, 2005 6:00 AM
>>To: Voipsec at voipsa.org
>>Subject: Voipsec Digest, Vol 12, Issue 24
>>
>>
>>
>>Send Voipsec mailing list submissions to
>>
>>      Voipsec at voipsa.org
>>
>>
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>>
>>      http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>or, via email, send a message with subject or body 'help' to
>>
>>      Voipsec-request at voipsa.org
>>
>>
>>
>>You can reach the person managing the list at
>>
>>      Voipsec-owner at voipsa.org
>>
>>
>>
>>When replying, please edit your Subject line so it is more specific
>>
>>than "Re: Contents of Voipsec digest..."
>>
>>
>>
>>
>>
>>Today's Topics:
>>
>>
>>
>>   1.  VoIP vulnerabilities summarization (david.castro)
>>
>>
>>
>>
>>
>>----------------------------------------------------------------------
>>
>>
>>
>>Message: 1
>>
>>Date: Tue, 27 Dec 2005 16:12:14 +0100
>>
>>From: "david.castro" <david.castro at adianta.net>
>>
>>Subject: [VOIPSEC]  VoIP vulnerabilities summarization
>>
>>To: Voipsec at voipsa.org
>>
>>Message-ID: <43B159CE.8030706 at adianta.net>
>>
>>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>>
>>
>>Hello, I'm David.
>>
>>I've just read your interesting "chat", and I learned a lot, but I'd
>>
>>like make a question about SIP.
>>
>>Let's imagine you are making an IP phone-operator. You have a central
>>
>>access point (server SIP and gateway to PSTN), or several access  
>>points
>>
>>across internet. You can sell to your customers a IP-phone, so they
>>
>>don't have a computer run to chat on the phone. You can't sell
>>
>>expensives phones or nobody will be your customer, so the phones  
>>hasn't
>>
>>TLS, IPSEC or proxy SIP, because they are connecting direct to  
>>access point.
>>
>>How do you protect this scenario?
>>
>>I'm using login/password in register request, but in other request I
>>
>>can't by the phones. What would you do?
>>
>>Thanks
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>------------------------------
>>
>>
>>
>>_______________________________________________
>>
>>Voipsec mailing list
>>
>>Voipsec at voipsa.org
>>
>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>
>>
>>
>>
>>End of Voipsec Digest, Vol 12, Issue 24
>>
>>***************************************
>>
>>
>>
>>
>>
>>_______________________________________________
>>Voipsec mailing list
>>Voipsec at voipsa.org
>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>    
>>
>
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
>
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>  
>

More information about the Voipsec mailing list