[VOIPSEC] regarding skype's usefulness in the enterprise

Matthew Kaufman matthew at matthew.at
Fri Jan 6 22:41:31 CST 2006 

Since the topic is relevant, I thought I'd take a moment to introduce
myself. I'm Matthew Kaufman, and I spent over 10 years running various ISPs
before getting back into software.

My current venture is amicima ( www.amicima.com ) where we've got working
demos (on Windows and Mac) of our protocol technology work that, relevant to
this list, happen to implement a secure peer-to-peer VoIP phone.

We've tackled issues like fast security setup for media transport (2 RTT per
session, many media flows per session), NAT and firewall traversal,
congestion management of media flows (we think this is a big overlooked area
right now which will eventually be a big problem), and media flow
prioritization (so we can max out a link with a file transfer, but
prioritize a simultaneous voice call ahead of those packets and experience
no voice degradation). We also have some other neat features like IP
mobility support, so sessions stay up even if the endpoint address changes,
like if you roam between wireless zones. 

Unlike Skype, our protocol specifications are open, and the reference
implementations are open-source, so you're free to download them and find
(and hopefully tell us about) security flaws. Down the road, we intend to
build some other applications based on our work, and we've got some
third-party developers who are also doing so, but for now you can try out
our existing demos.

While we agree that our protocol might not be a standard today, and might
not become a standard in the future (none of us here have any experience
with that process, though we'd entertain suggestions or pointers in that
direction), we hope that we can provide some working examples of "other ways
of solving this problem" that might make it into protocols that have
widespread use in the future.

My experience from running ISPs for a long time suggests that the current
VoIP strategy of no security for signalling, and no security for traffic, is
going to bite some people really seriously before too long, so fixing this
sooner rather than later is essential.

And with that, I'll close my introduction and hope to post the occasional
insight as other topics come up in the future.

Matthew Kaufman
matthew at matthew.at
http://www.amicima.com

More information about the Voipsec mailing list