[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec for IP Telephony

In message <B3B34AF18759D011A2C500805FD25AF1016B09D5@EMAIL1>, Scott Cadzow writ
> Note that most digital radio telephone systems (DECT, GSM, TETRA) use
> streaming ciphers for link encryption, the analysis of each showing that
> block ciphers by having potential to induce delay are unacceptable to
> maintain QoS. If we extend the TDMA models of such systems to general packet
> mode speech then I believe the same conclusions will be reached - stream
> cipher is preferred. The derivation of a Time Variant Parameter is however
> for further study in IP telephony.

The characteristics of such systems are very different.  The ones I've
looked at use strict bit timing to clock the stream cipher, for example.
They aren't packet-oriented, and there are no problems with out-of-order
delivery, duplicate packets, etc.  We're in a packet environment; our answers
may be very different.

That said, it isn't clear to me that IPSEC is the right answer in any
event -- the overhead is high, relative to the very small packet size,
and its strong protection properties interfere with header compression.
Besides, the threat model is very, very different.  We are dealing with
very limited bandwidth on the access lines; our general answer doesn't
seem to fit Internet telephony very well.