[VOIPSEC] Voipsec Digest, Vol 12, Issue 24

Thu Dec 29 11:53:59 CST 2005

Why not use PhoneGnome - I am sure they will at some point add
TLS/SRTP to their box.

Pankaj

On 12/28/05, Simon Horne <s.horne at packetizer.com> wrote:
> At 07:27 AM 29/12/2005, you wrote:
> >I would like someone to define expensive.
> >
> >Linksys offer a Skype phone for $130.00 (in my area) which is around the
> >price of most REGULAR non-encrypted non-AP phones.
> >
> >Anyone?
>
> Given that the linksys Skype phone is non-encrypted from the handset to the
> base station then really it's just a cordless phone. We looked at cordless
> USB units for our secure softphone but decided against it for that reason,
> why have a secure encrypted phone call when the end user uses a standard
> type cordless phone?. Which is why we went with wired units.  You can get
> desktop Speakerphone USB phones for under $50 (that are designed for
> SKYPE)  In fact we offer 5 different USB Phones for SKYPE and 3 of which
> also work with other softphones like XTEN, stanaphone etc...
>
> The biggest problem I found with USB Phones with SKYPE and a few non
> computer people have complained to us about it too is that they are not
> fully plug 'n play which means they require additional software to drive
> the USB devices' numpad to work with SKYPE and it only really works for
> skype out calls and navigating through the contact lists etc.
>
> To be honest I think USB Phones are the way forward as they are a lot
> cheaper alternative to secure IP phones (given that the software is free or
> near free) and if the secure softphone supports them auto-detect,
> completely plug 'n play and is NAT friendly then it can be easily, cheaply
> and effectively deployed.
>
> This is the direction we have taken the development of our softphone in.
>
> Simon
>
> Packetizer Labs
> http://www.packetizer.com/labs
>
>
>
> >Cheers,
> >
> >James Friesen, CIO
> >
> >Lucretia Enterprises
> >"Our World Is Here..."
> >Info at lucretia dot ca
> >http://lucretia.ca
> >
> >
> > > -----Original Message-----
> > > From: Henry Sinnreich [mailto:henry at pulver.com]
> > > Sent: Wednesday, December 28, 2005 8:05 AM
> > > To: Voipsec at voipsa.org
> > > Subject: Re: [VOIPSEC] Voipsec Digest, Vol 12, Issue 24
> > >
> > > > You can't sell expensive phones or nobody will be your customer
> > >
> > >
> > >
> > > Check out the Skype phones, (or the Nimcat/Avaya or Peerio
> > > PBX phones).
> > >
> > > There is no central call routing and the phones are both
> > > secure and affordable.
> > >
> > >
> > >
> > > Both the business models and the platforms (no VoIP
> > > infrastructure) are different though from the "carrier"
> > > model, and this changes the security model and cost in a
> > > fundamental way.
> > >
> > >
> > >
> > > Let the flames come! :-)
> > >
> > >
> > >
> > > Thanks, Henry
> > >
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Voipsec-bounces at voipsa.org
> > > [mailto:Voipsec-bounces at voipsa.org] On Behalf Of
> > > Voipsec-request at voipsa.org
> > > Sent: Wednesday, December 28, 2005 6:00 AM
> > > To: Voipsec at voipsa.org
> > > Subject: Voipsec Digest, Vol 12, Issue 24
> > >
> > >
> > >
> > > Send Voipsec mailing list submissions to
> > >
> > >       Voipsec at voipsa.org
> > >
> > >
> > >
> > > To subscribe or unsubscribe via the World Wide Web, visit
> > >
> > >       http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> > >
> > > or, via email, send a message with subject or body 'help' to
> > >
> > >       Voipsec-request at voipsa.org
> > >
> > >
> > >
> > > You can reach the person managing the list at
> > >
> > >       Voipsec-owner at voipsa.org
> > >
> > >
> > >
> > > When replying, please edit your Subject line so it is more specific
> > >
> > > than "Re: Contents of Voipsec digest..."
> > >
> > >
> > >
> > >
> > >
> > > Today's Topics:
> > >
> > >
> > >
> > >    1.  VoIP vulnerabilities summarization (david.castro)
> > >
> > >
> > >
> > >
> > >
> > > ----------------------------------------------------------------------
> > >
> > >
> > >
> > > Message: 1
> > >
> > > Date: Tue, 27 Dec 2005 16:12:14 +0100
> > >
> > > From: "david.castro" <david.castro at adianta.net>
> > >
> > > Subject: [VOIPSEC]  VoIP vulnerabilities summarization
> > >
> > > To: Voipsec at voipsa.org
> > >
> > > Message-ID: <43B159CE.8030706 at adianta.net>
> > >
> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > >
> > >
> > > Hello, I'm David.
> > >
> > > I've just read your interesting "chat", and I learned a lot, but I'd
> > >
> > > like make a question about SIP.
> > >
> > > Let's imagine you are making an IP phone-operator. You have a central
> > >
> > > access point (server SIP and gateway to PSTN), or several
> > > access points
> > >
> > > across internet. You can sell to your customers a IP-phone, so they
> > >
> > > don't have a computer run to chat on the phone. You can't sell
> > >
> > > expensives phones or nobody will be your customer, so the
> > > phones hasn't
> > >
> > > TLS, IPSEC or proxy SIP, because they are connecting direct
> > > to access point.
> > >
> > > How do you protect this scenario?
> > >
> > > I'm using login/password in register request, but in other request I
> > >
> > > can't by the phones. What would you do?
> > >
> > > Thanks
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ------------------------------
> > >
> > >
> > >
> > > _______________________________________________
> > >
> > > Voipsec mailing list
> > >
> > > Voipsec at voipsa.org
> > >
> > > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> > >
> > >
> > >
> > >
> > >
> > > End of Voipsec Digest, Vol 12, Issue 24
> > >
> > > ***************************************
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Voipsec mailing list
> > > Voipsec at voipsa.org
> > > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> > >
> > >
> >
> >
> >
> >_______________________________________________
> >Voipsec mailing list
> >Voipsec at voipsa.org
> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

--
Pankaj Shroff
shroffG at Gmail.com