[VOIPSEC] An issue of trust?

[Randell Jesup]

"Andre Fucs de Miranda" <afucs-listas at mandicmail.com> writes:
>> Even with redundancy, there are affects on the reliability, which is more
>> than just failover.  (Packet loss, backhoes cutting fiber, and then delay
>> issues.)
>
>LOL. You can't be serious. In the case you are providing VoIP services over
>the Internet you are already using a non reliable network to reach your
>customer! SBCs are no more vulnerable to a backhoe cutting fiber than any
>other equipment. That's why when creating redundant networks you must always
>think about at least two different network transmission medium.
>
>I'm still trying to understand why SBCs would also insert packet loss if
>correctly capacity planned.

Capacity isn't always correctly planned.  Links (to/from the SBC) sometimes
are overloaded when the links between the nodes wouldn't be (especially in
international call cases).  Fiber cuts, local outages, etc can make the
path to an SBC longer/less reliable/etc.

I've worked with other people's SBC-based networks.  In addition to issues
with reliability and loss, I've also seen *significant* problems with SBCs
handling valid SIP and RTP, drop calls randomly and forget they ever
existed, etc.  (I've seen SBC's block all RTCP, even.)  Redundancy isn't
always complete (if it exists at all).

>> And that's part of why CALEA is innappropriate for technologies that don't
>> fit it well.  The argument on the other side is "if it doesn't fit well
>> CALEA, that's too bad, don't do it" - i.e. outlaw the technology.  The FCC
>> in general appears fine with making rules that create defacto huge barriers
>> to entry or large (in the end consumer-paid) costs - not just in this case,
>> but in other cases too.

>Companies and people need to be responsible for what they create. That's why
>you expect the mobile manufacturers to collect their batteries after you use
>them. Every time a control is imposed by a government the market takes a
>while to adapt but it manages.

The definition of "responsible" is rather... political.  And I wouldn't
have any extremely serious objections to CALEA (even for IP<->IP calls) if
it weren't for the (effective) SBC requirement.  That requirement seriously
reduces the quality and options available to consumers, for the extremely
odd case that a criminal being wiretapped is savvy enough to know from
packet traces that they're being tapped, but not so savvy as to know how to
make a call untappable.  Even the feds (as reported here) realize that
"smart" criminals will be able to sidestep CALEA; they appear to just want
to make it easy to get dumb ones.  Not to mention that they can wiretap at
the ISP (where it can be un-noticable) given their other rulings...

One thing I've realized is that the FCC in general has a pretty iffy grasp
of IP and IP Telephony technologies, and without realizing it can issue
regulations that lock in bad/old technologies (and the companies
using/making them), and make it effectively impossible to introduce
newer/better technologies or for new firms to enter certain spaces.  (Sorry
for being vague; I have reasons not to elaborate - nothing to do with
CALEA/etc.)

>When the government asked companies dealing with medical records to comply
>with HIPAA most Civil Rights organizations agreed that it was good. The
>companies affected by HIPAA didn't like it and said that it would increase
>costs, they managed. Still not perfect but they are managing.

Yes, but that was (in theory at least) a benefit to consumers.

>BTW, the customer will always pay the bill since that's how the capitalist
>model works. But trust me it's better to pay directly to your provider than
>through the so called government subsidies and "investment".

Some government functions (like CALEA) should be funded through government
(where the expenditures can be debated and voted on and tracked) instead of
being hidden in the costs of specific companies in response to regulations.
And in the beginning, government _did_ fund CALEA (but only really to the
Bells and cellphone companies).

>> Actually, SBCs for IP-to-IP calls (due to CALEA) forces a (fairly high)
>> lower bound on the costs for a "service provider", compared to a provider
>> who basically provides a SIP server and ENUM.  Skype (so far) avoids that
>> cost, but if they're forced to implement CALEA (and right now due to
>> SkypeIn/Out I assume they will be), they'll be forced into using them.
>> However, they might be able to avoid using them for all calls due to the
>> user (with a sniffer) being unable to tell if they're calls are being
>> proxied by a Skype-owned SBC or a random user supernode (though if you make
>> enough calls and do enough traceroutes, I'm pretty sure you could still
>> figure it out).
>
>Skype will do it because it's better for their business to comply with the
>law and enter the US market than stay out of it and lose revenue. :-)

If they get forced to use Skype-owned SBCs for all calls, their business
model and overall design will have a serious problem.  They either need to
make random supernodes act as CALEA intercept points (and I can think of
serveral ways to compromise this and possibly even block CALEA tracing), or
they need to convince the feds that proxying it through a CALEA SBC only if
it needs to be traced is acceptably "undetectable".  Of course, if they
rule that, then everyone else has a good excuse to insist on the same
treatment or cry foul.

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)