On Nov 9, 2011, at 3:43 AM, Olle E. Johansson wrote:

>
> On 8 Nov 2011, at 15:47, Worley, Dale R (Dale) wrote:
>
>> In the real world, the "felt need" for security is not "I don't want
>> the government to find out." but rather "I don't want my wife to find
>> out."
> :-)
>
> While I agree with what you say in regards to PSTN, I'm still waiting for the
> tabloids to come up with articles about neighbours listening to the calls you
> did not want your *wife* to find out about. Many broadband networks - and
> Wifi - can't be considered secure and there are cases where you don't want
> other people to really listen in.
>
> Like e-mail, people put a lot of trust in the system. I think we need to make
> sure that we don't harm that trust as we move over to more Internet-based
> telephony.

And yet S/MIME would not protect against neighbors listening in on your calls. Encrypting or signing the SDP doesn't prevent listening to the RTP itself - only SRTP does that.

S/MIME made more sense in email because the email's MIME body actually contains the sensitive information: the communication content is in that body; whereas in SIP most of the communication content is in the media.[1] Some sensitive information is in the SIP layer, such as the caller/called party info (i.e., SIP URIs) - but those can't be hidden from the SIP proxies obviously.

So a more logical approach to prevent neighbors listening in is to use SIP over TLS for the signaling plane, as well as SRTP for the media plane. Obviously using SIP over TLS still relies on trusting the proxies, and not using S/MIME in such cases means the proxies know what your media IP address:ports and codecs will be or could change them, but again that's not what makes your media "secure" - SRTP is.[2] S/MIME adds nothing of value there.

-hadriel

[1] Obviously in some cases the communication content is in the MIME body, such as MESSAGE method bodies, but that's a horse of a different color.

[2] This same debate has occurred for RFC4474 and its signing of SDP, and one comment made there is that letting middleboxes manipulate SDP to force a variable-rate codec to be used could harm security even if SRTP is also used, due to the ability to guess what's being said simply by seeing the SRTP packet pattern that a variable codec would expose.

_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
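
Added example, not part of the original message: a check that reads one captured INVITE and reports whether the signaling hop used TLS and whether each media stream is actually SRTP, which is the property the reply above says matters. It goes slightly beyond the message by also recognizing DTLS-SRTP and by flagging SDES (a=crypto) keys carried over non-TLS signaling. The names audit_invite and make_invite, and every address and key value, are constructed for illustration.

```python
import re

def audit_invite(raw):
    """Classify signaling transport and per-stream media protection."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    # The topmost Via names the transport of the hop where this was captured.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else "UNKNOWN"
    streams, cur, session_fp = [], None, False
    for line in (l.strip() for l in sdp.split("\n")):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            cur = {"media": media, "proto": proto.upper(), "crypto": False, "fp": session_fp}
            streams.append(cur)
        elif line.startswith("a=crypto:") and cur:
            cur["crypto"] = True          # SDES: the SRTP key travels in the SDP
        elif line.startswith("a=fingerprint:"):
            if cur:
                cur["fp"] = True
            else:
                session_fp = True         # session-level, applies to later m= lines
    report = []
    for s in streams:
        if s["proto"].startswith("UDP/TLS/RTP/SAVP") and s["fp"]:
            verdict = "dtls-srtp"
        elif s["proto"] in ("RTP/SAVP", "RTP/SAVPF") and s["crypto"]:
            # The SDES key is only as private as the signaling hop carrying it.
            verdict = "sdes-srtp" if transport == "TLS" else "sdes-srtp-key-exposed"
        elif s["proto"] in ("RTP/AVP", "RTP/AVPF"):
            verdict = "plain-rtp"         # media readable regardless of SDP signing
        else:
            verdict = "unrecognized"
        report.append((s["media"], verdict))
    return {"signaling": transport, "streams": report}

def make_invite(transport, proto, attrs=()):
    # Constructed sample INVITE; example.com and 192.0.2.0/24 are documentation values.
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 49170 {proto} 0", *attrs]
    return "\r\n".join(["INVITE sip:bob@example.com SIP/2.0",
                        f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKexample",
                        "Content-Type: application/sdp", "", *sdp, ""])

CRYPTO = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY"

if __name__ == "__main__":
    for t in ("UDP", "TLS"):
        print(t, audit_invite(make_invite(t, "RTP/SAVP", (CRYPTO,))))
    print(audit_invite(make_invite("UDP", "RTP/AVP")))
```

The verdict describes only the hop where the message was captured; a proxy that terminates TLS still sees the SDP and any a=crypto key in it.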