On 11 Nov 2011, at 00:58, Hadriel Kaplan wrote:

>
> On Nov 9, 2011, at 3:43 AM, Olle E. Johansson wrote:
>
>>
>> On 8 Nov 2011, at 15:47, Worley, Dale R (Dale) wrote:
>>
>>> In the real world, the "felt need" for security is not "I don't want
>>> the government to find out." but rather "I don't want my wife to find
>>> out."
>> :-)
>>
>> While I agree with what you say in regards to PSTN, I'm still waiting for
>> the tabloids to come up with articles about neighbours listening to the
>> calls you did not want your *wife* to find out about. Many broadband
>> networks - and Wifi - can't be considered secure and there are cases where
>> you don't want other people to really listen in.
>>
>> Like e-mail, people put a lot of trust in the system. I think we need to
>> make sure that we don't harm that trust as we move over to more
>> Internet-based telephony.
>
> And yet S/MIME would not protect against neighbors listening in on your
> calls. Encrypting or signing the SDP doesn't prevent listening to the RTP
> itself - only SRTP does that. S/MIME made more sense in email because the
> email's MIME body actually contains the sensitive information: the
> communication content is in that body; whereas in SIP most of the
> communication content is in the media.[1] Some sensitive information is in
> the SIP layer, such as the caller/called party info (i.e., SIP URIs) - but
> those can't be hidden from the SIP proxies obviously.

SIP presence and instant messaging?

>
> So a more logical approach to prevent neighbors listening in is to use SIP
> over TLS for the signaling plane, as well as SRTP for the media plane.
> Obviously using SIP over TLS still relies on trusting the proxies, and not
> using S/MIME in such cases means the proxies know what your media IP
> address:ports and codecs will be or could change them, but again that's not
> what makes your media "secure" - SRTP is.[2] S/MIME adds nothing of value
> there.

S/MIME can help with SRTP key exchange, but you are right if you consider voice calls the only application of SIP. I don't.

/O

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
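
Added example, not part of the original thread: a Python check of the distinction discussed above, reporting whether a SIP message offers SRTP or plain RTP and whether an SRTP key carried in the SDP is readable on the wire or only by the proxies. It assumes SDES-style keying (RFC 4568 `a=crypto` lines), which the thread does not name; `audit_sip`, `sample`, the hosts and the key are constructed for illustration, and the sample INVITE is trimmed to the headers the check reads.

```python
import re

def audit_sip(raw: str) -> dict:
    """Report how one SIP message with an SDP body protects signaling and media."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    # Transport of the topmost Via header, e.g. "Via: SIP/2.0/TLS host".
    via = re.search(r"^(?:Via|v)[ \t]*:[ \t]*SIP/2\.0/(\w+)", head, re.I | re.M)
    signaling_tls = via is not None and via.group(1).upper() == "TLS"
    media = []
    for line in sdp.split("\n"):
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            # RTP/SAVP(F) is the SRTP profile; RTP/AVP(F) is unencrypted RTP.
            srtp = proto.upper().endswith(("RTP/SAVP", "RTP/SAVPF"))
            media.append({"kind": kind, "proto": proto, "srtp": srtp, "sdes_key": False})
        elif line.startswith("a=crypto:") and media:
            # SDES (assumed keying): the SRTP master key travels inside the SDP.
            media[-1]["sdes_key"] = media[-1]["sdes_key"] or "inline:" in line
    findings = []
    for m in media:
        if not m["srtp"]:
            findings.append("plain-rtp")
        if m["sdes_key"]:
            # TLS is hop-by-hop: it hides the key from the network, not from proxies.
            findings.append("sdes-key-visible-to-proxies" if signaling_tls
                            else "sdes-key-in-cleartext")
    return {"signaling_tls": signaling_tls, "media": media, "findings": findings}

def sample(transport: str, proto: str, crypto: bool) -> str:
    """Build a constructed INVITE; hosts and key are placeholders, not real data."""
    lines = [
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} client.example.org;branch=z9hG4bKconstructed",
        "Content-Type: application/sdp",
        "",
        "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        f"m=audio 49170 {proto} 0",
    ]
    if crypto:
        lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED+PLACEHOLDER+KEY")
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    for args in (("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)):
        print(args, audit_sip(sample(*args))["findings"])
```

The third case is the one the last reply turns on: with SIP over TLS plus SRTP the key is hidden from neighbours but still readable at every proxy unless the SDP body itself is protected end to end.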
