Re: [on-asterisk] how safe is voip

4 Aug 2005 17:09:52 -0000 

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Andrew" == Andrew Kohlsmith <[EMAIL PROTECTED]> writes:
    >> It is so non-private, that frankly, I expect a court to
    >> eventually say that there is no expectation of privacy, and so no
    >> wiretap may be required.

    Andrew> Don't count on it.  Landline calls and even most cell calls
    Andrew> are so easily interceptable that it makes VOIP look hard in
    Andrew> comparison.

  landline taps in theory, require physical access, and can in theory,
only be done by the "phone company"

  For an arbitrary VoIP call, none of the above many true.
  Given 802.11, BGP, DNS and MGCP hijacks, physical access may be
totally irrelvant. I'd rather that a court declared Internet traffic
"public" --- that way we'd all be playing on the same field.

    >> Given that why would you do otherwise?

    Andrew> For the same reason that I don't go to great lengths to
    Andrew> protect my landline or cell voice calls?  Encryption also

  Well, I don't trust my landline.
  I use GSM for mobile use, rather than the Canada-wide-cordless stuff
that Bell and Telus sells. 

    Andrew> adds latency and points of failure, although with most
    Andrew> hardware these days the additional latency is a moot point,
    Andrew> especially if your VOIP provider a) doesn't provide an
    Andrew> encrypted link to their network and b) is already 80-150ms
    Andrew> "out" on the internet.

  Exactly.
  I have proposed to unlimitel.ca that they allow us to co-locate an
IPsec gateway with their SIP boxes.  So far, no reply, but it is summer...

  There are some minor NAT-related issues that will prevent it from
being plug-n-play for for people' whose Asterisk is behind their NAT.
This will initially require that we do some minor manual configuration
for these customers.
  
  For people using WRT54GS as their NAT, we can just run the IPsec on
that box, using OpenWRT....

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQvJL24qHRg3pndX9AQE5JwQAvS8HhDIvfriSdvwvKxCcfa4CKrCTHRUo
Joxd41r3Q9QDWmskXqy4OelZfJFJLJKoDbfTq0KwVltaIFsfF4c8U9YKaUcMI9AO
Y7x/v3QX0NzEdaXMqpxCBlDUn1sAGZb+NBakPuW8jPAciptokKjUns4JN333p9eB
Ny1b5uO7jZ0=
=bUY9
-----END PGP SIGNATURE-----

Reply via email to