[VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Bob Wise bob at bobsplanet.com
Mon Jan 2 08:58:16 PST 2006


Those are good links, thank you!

Do you have any commentary on why the Skype folks chose to go the
proprietary route to begin with?

-Bob

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Henry Sinnreich
Sent: Monday, January 02, 2006 8:22 AM
To: 'Mark Baugher'
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Hi Mark and Happy New Year!

You may have seen the security evaluation for Skype:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf 

It would be very interesting for someone who disagrees to take up this
evaluation, item by item and provide arguments to the contrary. I have not
not seen any arguments to the contrary, but just people who either like
Skype and some who don't. 

There is a test report though from a credible lab:

http://www.networkworld.com/reviews/2005/121205-skype-test.html 

In this light, Skype is probably more useful in the enterprise than the
hypothetical risks it may represent. Are Windows and its applications less
risky?

Actuallly, Skype can significantly increase productivity IMHO and should be
encouraged by IT untill a similar well designed application based on SIP
will emerge. Instead of griping about Skype, I would like IETF-minded folks
to work on a better-than-Skype P2P SIP product.

Thanks, Henry

 

-----Original Message-----
From: Mark Baugher [mailto:mbaugher at cisco.com] 
Sent: Monday, January 02, 2006 9:33 AM
To: henry at pulver.com
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24

hi Henry,

On Dec 28, 2005, at 7:05 AM, Henry Sinnreich wrote:

>> You can't sell expensive phones or nobody will be your customer
>
>
>
> Check out the Skype phones, (or the Nimcat/Avaya or Peerio PBX  
> phones).
>
> There is no central call routing and the phones are both secure and
> affordable.

I have not found a public description of Skype security and for that  
reason would not claim that they are secure.  In fact, what I have  
read about Skype security leads me to conclude that there is too much  
that is hidden from the user for Skype to be considered secure.

Mark
>
>
>
> Both the business models and the platforms (no VoIP infrastructure)  
> are
> different though from the "carrier" model, and this changes the  
> security
> model and cost in a fundamental way.
>
>
>
> Let the flames come! :-)
>
>
>
> Thanks, Henry
>
>
>
>
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec- 
> bounces at voipsa.org] On
> Behalf Of Voipsec-request at voipsa.org
> Sent: Wednesday, December 28, 2005 6:00 AM
> To: Voipsec at voipsa.org
> Subject: Voipsec Digest, Vol 12, Issue 24
>
>
>
> Send Voipsec mailing list submissions to
>
>       Voipsec at voipsa.org
>
>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
>       http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> or, via email, send a message with subject or body 'help' to
>
>       Voipsec-request at voipsa.org
>
>
>
> You can reach the person managing the list at
>
>       Voipsec-owner at voipsa.org
>
>
>
> When replying, please edit your Subject line so it is more specific
>
> than "Re: Contents of Voipsec digest..."
>
>
>
>
>
> Today's Topics:
>
>
>
>    1.  VoIP vulnerabilities summarization (david.castro)
>
>
>
>
>
> ----------------------------------------------------------------------
>
>
>
> Message: 1
>
> Date: Tue, 27 Dec 2005 16:12:14 +0100
>
> From: "david.castro" <david.castro at adianta.net>
>
> Subject: [VOIPSEC]  VoIP vulnerabilities summarization
>
> To: Voipsec at voipsa.org
>
> Message-ID: <43B159CE.8030706 at adianta.net>
>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
>
> Hello, I'm David.
>
> I've just read your interesting "chat", and I learned a lot, but I'd
>
> like make a question about SIP.
>
> Let's imagine you are making an IP phone-operator. You have a central
>
> access point (server SIP and gateway to PSTN), or several access  
> points
>
> across internet. You can sell to your customers a IP-phone, so they
>
> don't have a computer run to chat on the phone. You can't sell
>
> expensives phones or nobody will be your customer, so the phones  
> hasn't
>
> TLS, IPSEC or proxy SIP, because they are connecting direct to  
> access point.
>
> How do you protect this scenario?
>
> I'm using login/password in register request, but in other request I
>
> can't by the phones. What would you do?
>
> Thanks
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
>
> Voipsec mailing list
>
> Voipsec at voipsa.org
>
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
>
>
> End of Voipsec Digest, Vol 12, Issue 24
>
> ***************************************
>
>
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org






More information about the Voipsec mailing list