[VOIPSEC] Voice or Not -- Fake Voice Packet???
Robert Moskowitz
rgm at icsalabs.com
Thu Oct 6 16:01:07 CDT 2005
At 10:22 AM 10/5/2005, Paine, Richard H wrote:
>Without something like the Host Identity Protocol (HIP), the
>authenticity of the source will always be spoofable. Take a look at HIP
>at http://homebase.htt-consult.com/HIP.html.
Now you are going to force me to update my web site! Go look over at
the IETF HIP workgroup while I get things current!
>There are several
>reference implementations of HIP and they are available for download and
>testing. Clients for both Windows and Linux are available. The Open
>Group developed an integration architecture called the Secure Mobile
>Architecture (SMA) and Boeing has a prototype implementation of it
>within its Intranet. With SMA, the
>VOIP calls are not spoofable and are protected and encrypted over both
>wire and wireless across the Internet.
I am biased.
I never felt MobileIP was the right answer for devices with changing
IP addresses, whatever the application traffic is (e.g. RTP or
SRTP). Hence HIP.
But this is not saying anything new here.
Though and interesting intersection of VoIP and HIP would be to have
the device's SIP server and HIP rendezvous server be the same
platform. This would also provide secure SIP UDP between the client
and SIP server. Hmmmm....
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
VoIP: 248-291-0713
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
More information about the Voipsec
mailing list