[VOIPSEC] An issue of trust?

[Randell Jesup]

"Tyler Johnson" <trjohns1 at email.unc.edu> writes:
>You can't. That's why you have to implement security at the application 
>layer. That means end to end encryption of media an signaling. However, US 
>regulations for CALEA break that. If you do hop to hop security you really 
>don't have any assurance of security beyond the next hop unless you are in a 
>limited federation, but that doesn't scale to the whole Internet.

CALEA per se (at the moment) doesn't "break" end-to-end - it doesn't
address it or outlaw it.  It says that a service provider must supply them
the stream undetectably and must also supply the keys (if they have them).

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)