[VOIPSEC] Prevailing trends in securing the SIP signaling plane
Vijay K. Gurbani
vkg at alcatel-lucent.com
Tue Apr 14 13:00:12 CDT 2009
Dan Wing wrote:
> I do agree the SIP-over-TLS-over-TCP is a mindset change for a lot
> of stacks, especially if the underlying TCP stack on the server
> side cannot be tuned or is not tuned to support a lot of TCP
> connections.
That said, TLS-over-TCP implementations are not that rare. For
instance, here is the data compiled from the last 7 SIPit's (SIP
interoperability events, which are held generally twice a year)
shows that [1]:
SIPit Unique Number of TLS
No. Implementations implementations Percentage
----------------------------------------------------
16 57 25 44%
18 73 30 41%
19 90 41 45%
20 90 42 46%
21 70 34 49%
22 80 50 63%
23 50 24 48%
Note: (1) 16th SIPit was held in April 2005, 23 SIPit was held in
October 2008.
(2) Data for 16th SIPit is form my private archive
and is not reflected in [1].
(3) I don't have data for 17th SIPit.
As can be seen, as a percentage the TLS implementations show
a monotonic increase save a couple of hiccups. I suspect
that most new TLS (or even TCP) implementations are not tuned to
performance as much as they are geared towards ensuring
that the functionality itself exists.
[1] Robert J. Sparks, SIPit Summaries, archived at
https://www.sipit.net/SIPitSummaries
Thanks,
- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web: http://ect.bell-labs.com/who/vkg/
More information about the Voipsec
mailing list