[VOIPSEC] Solutions in addressing SPIT (Spam overInternetTelephony)
Christopher A. Martin
chris at sip1.com
Thu Feb 17 22:26:15 CST 2005
If the endpoints rely on carrier based sip solutions implementers could
develop filters similar to spam filters for email.
But some providers today actually implement simpler mechanisms (Simple is
good), albeit closed in nature, by basically only permitting users that
authenticate to the VoIP service (hopefully at least using SIP digest) and
disallowing domains that are not serviced by the carrier access to the VoIP
network. If you don't have a valid account, you can't connect via IP to the
user...so they are still stuck in analog land when it comes to annoying the
caller.
The problem is that if you want IETF standards based systems implementing
the closed nature is stifling, but if you want security you have to close
the environment off a bit (As any of the security minded would have it).
>From my experience, there is still a lot to be done for the existing
traditional data networks, being reutilized for VoIP, that are still a bit
behind the security curve, and folks are still trying to deploy VoIP on top
of it.
:)
Chris
________________________________
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Domains.SIP1.com
http://domains.sip1.com
Low cost domain name registration & other Internet services.
Sign up for your PayPal merchant account today and start selling your
products on line today!
https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Volker Tanger
Sent: Thursday, February 17, 2005 1:14 PM
To: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Solutions in addressing SPIT (Spam
overInternetTelephony)
Greetings!
Re-opening an older thread:
On Thu, 10 Feb 2005 20:32:53 +0530
<ranjith.mukundan at wipro.com> wrote:
>
> though not a general evaluation, this I-D
> http://www.ietf.org/internet-drafts/draft-rosenberg-sipping-spam-01.txt
> describes some of the key problems & evalutes potential
> solutions, in a SIP based voip network.
The main problem with SIP and others is that the sender cannot be
correctly verified without PKI or similar systems. SPAMmers can send
their stuff semi-anonymously.
I have developed an early draft on a protocol that could overcome this
problem without having to implement and agree on a common PKI - and
with a spammer usually being at disadvantage bandwidth-wise.
Please have a look at http://xarsim.org/ - comments are highly
appreciated (yes, the messaging part currently is *very* rough).
Thanks a lot
Volker
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists at wyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list