Gentlemen,

First and foremost, speaking from personal experience, one advantage of
SIP via TLS is that >99% of all unsolicited and unwanted requests I
observe daily come in as plain SIP on port 5060. (Yes, changing the
port would be a similarly effective mitigation against these, but why
do we have well-known ports in the first place?)

On the encryption issue... It is simply best practice to not expose
data unnecessarily. It is already an achievement that slowly the
adoption of metadata and transport encryption is happening in the
voice world. As always, you have to start from somewhere to work
towards a goal. Reducing the data exposure down to only state-mandated
and (hopefully) supervised Lawful Interception is a goal that is
worthwhile to pursue within the concept of the PSTN. Moving everything
from private lines to the public internet is a recipe for disaster.

After all, rudimentary support for encryption is one of the few things
that can be counted as an improvement when migrating from ISDN to VoIP.

That said, of course the security provided with SIP+TLS+SRTP in the end
is debatable. I haven't yet seen any use of certificate pinning in SIP
trunks :-)
Generally I would not communicate sensitive information over the PSTN or
infrastructure in general, where I don't know and trust all of the
parties that have access to it.

Cheers,
Michael


_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
