[VOIPSEC] TLS and Firewalls

Brian Rosen br at brianrosen.net
Wed Feb 9 16:12:11 CST 2005


Consider a conference with voice, video and IM streams, plus floor control.
You now have 5 separate streams coming on the SAME PORT.  You cannot have
separate QoS treatment, you cannot have separate bandwidth management, and
you cannot have separate priority.

And, to be careful, STUN works with all devices; it doesn't work with all
firewalls.

Brian

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Michael Sandee
> Sent: Wednesday, February 09, 2005 2:15 PM
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] TLS and Firewalls
> 
> Brian,
> 
> RTP and the problems surrounding firewalls, NAT/PAT have been around for
> quite a few years, be it H323, SIP or...
> Trying to globally solve this is a nice goal to set, but (apparently)
> impossible to accomplish. There are workarounds like STUN which work
> with _some_ devices.
> 
> If one protocol comes forward which has some distinct advantages over
> the alternatives, it cannot be considered a "Not Invented Here"
> protocol. The advantages are not only a single port, but also trunking
> and some other features which are very useful in a practical pbx
> environment.
> 
> Can you please elaborate on why exactly IAX is bad for choosing a single
> port as transport?
> 
> Michael
> 
> Brian Rosen wrote:
> 
> >Ultimately, this is the problem with IAX.  It's a special protocol,
> >promulgated by a small group, without a rigorous process.
> >
> >It's not in the general interest of the Internet Community (whatever that
> >is) to have multiple ways to do the same thing.  SIP is the way the IETF
> >decided to do session management, including voice, video and text (although
> >there are other IM protocols).  IETF is not the only game in town, of
> >course.
> >
> >I think that, actually, the IAX one port idea is a bad way to handle
> >signaling and multiple media streams related to the same session.  The fact
> >that it makes it easier on the firewalls is not enough to overcome the
> >limitations it has.  We're better off working to make SIP and firewalls work
> >better together.
> >
> >Brian
> >
> >
> >
> >>-----Original Message-----
> >>From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> >>Behalf Of Diana Cionoiu
> >>Sent: Wednesday, February 09, 2005 12:09 PM
> >>To: Alexander
> >>Cc: Voipsec at voipsa.org
> >>Subject: Re: [VOIPSEC] TLS and Firewalls
> >>
> >>If you find any RFC available for IAX let me know. Until now we have
> >>implemented IAX based on what we have been able to learn from other people's
> >>code. The problem with IAX secure is that of course there is no standard
> >>and we have to get all developers from different projects together and
> >>"maybe" we are lucky enough to convince them to make it work right.
> >>From my experience each project has its own IAX version.
> >>
> >>Diana
> >>
> >>>>one port. The problem with IAX is that there are no devices around. We hope that
> >>
> >>>  There are some devices with IAX support, and the trend is, there
> >>>  will be more soon. Just few of them:
> >>>
> >>>  http://www.iaxtalk.com/
> >>>  http://www.digium.com/index.php?menu=iaxy
> >>>  http://www.farfon.com/
> >>>
> >>>Regards,
> >>>/Al
> >>>
> >>>_______________________________________________
> >>>Voipsec mailing list
> >>>Voipsec at voipsa.org
> >>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org