[VOIPSEC] Voipsec Digest, Vol 14, Issue 17
Tyler Johnson
trjohns1 at email.unc.edu
Wed Feb 22 09:19:02 CST 2006
We have a concern that the whole SSL VPN approach may be marginally
acceptable for voice (small packets) but fall apart with video (large
packets) due to queuing issues. And so there is a danger in heading down
this path thinking that we have a solution and then it falls apart
quickly as folks do more multimedia.
That's why we think end to end authentication and encryption by the
endpoints is the right architectural path from a security perspective.
That does, however, leave the NAT problem open, but I question the
wisdom of using a security solution (IPSEC, SSL VPN, etc.) to solve an
addressing problem. Sure, it might by accident, but not by design. That
seems like a setup for problems to me.
More information about the Voipsec
mailing list