[VOIPSEC] An issue of trust?

Andre Fucs de Miranda afucs-listas at mandicmail.com
Sat Jun 17 11:03:56 CDT 2006 

Geoff,

How can you "distinguish with 100% certainty the difference between a 3-way
conference and two separate calls" on a home made ISDN or POTS bridge? I'm
now living in Israel but I grew up in Brazil. A very bizarre aspect of public
security over there is the use of phone conferences by
ARRESTED criminals and let's face reality, they are not restricted to centrex
and 3 way conference, but also illegal conference bridges using kidnapped
lines.

Ok that Brazil is not a good example of public security but the botton line
is that even using pure PSTN and ISDN you don't have ways to distinguish with
such certainty a 3 way conference from two separate calls.

BTW, great, great message anyway. Emphasis on the public policy subject.

Best regards

Andre Fucs



---- Mensagem Original ----
From: "Geoff Devine"
To: Voipsec at voipsa.org
Sent: Sab, Junho 17, 2006 11:00 am
Subject: Re: [VOIPSEC] An issue of trust?
> Andre Fucs de Miranda wrote:
>> Any reasonable SIP or MGCP switch or SBC should be already capable of
>> handling the CALEA requirements.
>
> Actually, that's not 100% true for SIP endpoints.  J-STD-025 requires
> that _ALL_ telephony events and features get reported on a "call detail
> channel".  There is an FBI conformance test to verify this.  If you do a
> lot of telephony features within the SIP User Agent, there is no way you
> can pass this particular sub-section of the FBI conformance test.  For
> example, you can't distinguish with 100% certainty the difference
> between a 3-way conference and two separate calls on a 2-line ATA when
> the conference bridge is local to the ATA.
>
> Randell Jesup writes:
>
>> PSTN gateways usually don't do encryption, since they're so focused on
>> density (channels/device).  (Do any of them do encryption?)  In the
> medium
>> to long term, increasing number of calls (especially to/from/in
> certain
>> countries) will be IPIP.
>
> In my strange and wonderful universe of VoIP over cable, all media
> gateways support encryption.  The PacketCable Security spec mandates
> 128-bit AES.  In our implementation, we do this in an FPGA to preserve
> (very expensive) DSP codec density.  Depending on implementation, media
> security done in a DSP can cost 10-30% channel density in what ends up
> being a very expensive piece of silicon as you scale things.  Anyone who
> is PacketCable qualified has been tested for encryption support.  If you
> scan through the list on the CableLabs web site, this includes Siemens,
> NuEra, Audiocodes (who just bought Nuera), Cisco, and General Bandwidth.
> There are now 4 million residential customers using these media
> gateways.  As far as I know, none of the cable operators have turned on
> media encryption since the DOCSIS access network is already encrypted
> but the function is supported by everyone.
>
> Randell Jesup also writes:
>
>> An SBC (or equivalent) setup has issues when the provider of the proxy
>> doesn't also control the access link to the subscriber.  The issues
> have
>> to do with call quality, and to enable the 1 in 100,000,000 chance a
> call
>> will need to be intercepted (excluding police states or
> "trolling"...),
>> ALL calls will be slightly to severely negatively impacted (added
> delay,
>> packet loss, point of failure).  And the cost is far from negligible
> as
>> the revenue model shifts away from traditional POTS models.
>
> If you are offering interoperability with the PSTN, you inherit PSTN
> requirements.  This costs money.  As much as "over the top" service
> providers wish it were so, you can't escape from CALEA requirements.
> This is a cost to service providers that ends up being passed to the
> customer.  Similarly, Vonage discovered a couple of days ago that they
> are now subject to Universal Service charges.  A piece of your Vonage
> bill will now go to subsidize rural telcos.  Personally, I think this is
> proper public policy.  Just because someone is wealthy enough to afford
> a broadband connection, they shouldn't be exempted from having to pay
> the costs associated with lawful intercept, 911, and rural subsidy.
> Where I live, wireline and cellular customers pay $1.00 per month to pay
> off the 911 PSAP in New Hampshire.  I think it's only fair that a Vonage
> customer who can also dial 911 pay the same $1.00 per month.
>
> Geoff Devine
> Chief Architect
> Cedar Point Communications
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list