[VOIPSEC] Soft Phone Vulnerabilities
Craig Southeren
craigs at postincrement.com
Wed Jun 7 19:26:30 CDT 2006
On Wed, 7 Jun 2006 16:45:42 -0700
Mark Baugher <mbaugher at cisco.com> wrote:
..deleted
> It's a different question as to whether skype is more or less secure
> than other systems such as sip systems. Another interesting question
> is whether or not a true peer-to-peer system can be made secure.
From a techical standpoint, I think the answer is an unequivocal "yes".
Crypto algorithms exist to implement end to end security and
authentication regardless of the network topology - it's just a matter
of developing the and deploying the appropriate infrastructure.
However, from a business standpoint, the answer has to be a "maybe".
Developing and deploying a system that has cryptographically secure
communcations is expensive, and has to run an impressive gauntlet of
legal hurdles to be available in the biggest target markets.
For a company, most of the value can be extracted from the VoIP market
without incurring the significant additional costs of implementing this
kind of security. The fact that the PSTN and cellphones do quite well
thank you very much without it shows that most users don't really care.
I'm sure that one day a company will offer secure end to end SIP or
H.323 calls - but they won't be cheap. And "secure" will be very tightly
defined :)
Craig
-----------------------------------------------------------------------
Craig Southeren Post Increment – VoIP Consulting and Software
craigs at postincrement.com.au www.postincrement.com.au
Phone: +61 243654666 ICQ: #86852844
Fax: +61 243656905 MSN: craig_southeren at hotmail.com
Mobile: +61 417231046
"It takes a man to suffer ignorance and smile.
Be yourself, no matter what they say." Sting
More information about the Voipsec
mailing list