[VOIPSEC] SRTP

Simon Horne s.horne at packetizer.com
Wed Feb 22 15:48:58 CST 2006 

I have to totally agree, using a handset to me is much better then using 
headphone/speakers (says the guy who writes softphones) but its true. The 
real issue with Secure IP Phones is both commercial and technical.

The price of secure IP phones is most likely going to be quite high as 
these devices would need quite a lot of expensive upgrades and include 
things like encryption accelerator chips etc and they can be expensive. Are 
people going to pay the money for them and is there a "big enough" market 
for it?

Then on the technical standpoint - there is no common standard way of doing 
key exchange so it needs to support all or none. If the device talks to 
another device that does not support the implemented method of encryption, 
will the call fail? Can the call revert back to standard RTP?  These issues 
and the "answer on zero ring" encrypted call problem are going to hamper 
development of these devices.

Another major issue for home office uses in the "Cool I have this secure IP 
phone now how the heck do I get it to traverse my NAT?" issue. Get an SBC!  :(

The reality is I do not see secure IP phones being deployed in any large 
volumes until both the technical and commercial issues are resolved. 
Unfortunately this leaves home office uses with only 2 alternatives either 
non-secure IP Phone or a softphone. I think a compromise can be achieved by 
the use of USB Phones or USB ATA adaptors which enables the user to have 
the feel of a handset yet lets computer do the processing and encrypting. 
These devices are relatively simple and inexpensive. Softphones can be 
written to autodetect these types of devices and switch audio and input to 
them as required and the USB devices are available for under $50.

Simon



At 03:01 AM 23/02/2006, dan_york at Mitel.com wrote:
>Working out of a home office, I can say that I do prefer a hard phone
>for a number of reasons, including the very basic one that I don't have to
>have my
>computer on to make/receive calls.  I do use softphones as well, but it's
>awfully nice if you need to make a call just to be able to go into my home
>
>office and pick up a handset on a regular old phone (well, a secure IP
>phone).

More information about the Voipsec mailing list