[VOIPSEC] IPv6 and the demise (or not) of NAT(wasRe: Interactive Connectivity Establishment (ICE))

Ken Peterson kapnet at mindspring.com
Wed Nov 16 08:35:05 CST 2005 

I dont believe the business case for S/MIME is workable

SIP with TLS and SRTP-based media using any number of key management
techniques seems to be the solution with the strongest business case and
most consensus

an SBC in the middle of the TLS signaling and SRTP media path solves the
encryption issue that otherwise breaks ALG functionality

I dont see why identity/privacy is an issue with an SBC... perhaps Im
missing something

Fundamentally, I believe that SIP is suffering from too many technical
options and not enough end to end solutions. My comments are intended to
create solutions with a business case that meets the requirements of 95% of
the user communities. I believe it does so

1. STUN through ICE for the now (and possibly the future) .. TURN piece
seems worthless for most
2. SIP Proxy/NAT/FW with ALG functionality for media for future small scale
3. SBC for large scale performing media and signaling relay functionality

If groups like us dont make these decisions, then the vendors with the
greatest influence will create the solutions based on their business plans,
imho...

		Ken



-----Original Message-----
From: Chris Boulton [mailto:cboulton at ubiquity.net]
Sent: Wednesday, November 16, 2005 5:11 AM
To: kapnet at mindspring.com; Dan Wing; Randell Jesup
Cc: Voipsec at voipsa.org
Subject: RE: [VOIPSEC] IPv6 and the demise (or not) of NAT(wasRe:
Interactive Connectivity Establishment (ICE))




For more scalable enterprise implementations, it seems most likely that
the
data firewall will remain in place and all voice will pass through the
new
"IP communicaions firewall" (aka Session Border Controller) which will
proxy
all voice traffic and bearer channels leaving the enterprise. Encryption
issues are solved, NATing issues are solved, lawful intercept issues are
handled, and we may actually have a product to make money with instead
of a
"protocol."


[Chris Boulton] I'm a bit confused.  'Encryption issues are solved' -
can you explain what you mean by this please?  How would an SBC work
with S/MIME and Sip identity at the moment?  Perhaps you don't mean 'aka
SBC' which usually act as a B2BUA?


Information contained in this e-mail and any attachments are intended for
the use of the addressee only, and may contain confidential information of
Ubiquity Software Corporation.  All unauthorized use, disclosure or
distribution is strictly prohibited.  If you are not the addressee, please
notify the sender immediately and destroy all copies of this email.  Unless
otherwise expressly agreed in writing signed by an officer of Ubiquity
Software Corporation, nothing in this communication shall be deemed to be
legally binding.  Thank you.

More information about the Voipsec mailing list