Re: IPSec IP Telephony:End to End or Segment

[Henry Spencer <henry@spsystems.net>]

On Tue, 30 Mar 1999, Anthony Walwyn wrote:
> With respect to IP Telephony, should security be
> end-to-end or does it make sense to have it on 
> just one segment, eg between two IP Telephony Gateways.

Depends on what sort of threat you are trying to protect against.  The
PSTN is fairly secure against casual snooping, somewhat insecure (at the
ends) against knowledgeable snoopers, and completely open to government
agencies (and possibly others with plenty of cash).

The only really strong security is end-to-end security, but weaker forms
may still be useful, depending on circumstances.

> Phone--PSTN--IPGW--IP Network--IPGW--PSTN-Phone
> If security is only implemented between the Gateways
> is the security risk unacceptable ??

Unacceptable to who, for what purpose?

> If the phones were Internet-Phones, security could be 
> implemented end-to-end using IPSec, but what happens if
> one end is an Internet Phone and one end is a normal PSTN Phone ?

The "INSECURE!" light on your Internet Phone should light up.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

---

Follow-Ups:

• Re: IPSec IP Telephony:End to End or Segment
• From: Lewis McCarthy <lmccarth@cs.umass.edu>

References:

• IPSec IP Telephony:End to End or Segment
• From: Anthony Walwyn <anthony.walwyn@telematics.com>

---

• Prev by Date: RE: 3DES with 40-bit key?
• Next by Date: Re: RSA claiming trademark on all uses of "RSA" to describe algorithm
• Prev by thread: IPSec IP Telephony:End to End or Segment
• Next by thread: Re: IPSec IP Telephony:End to End or Segment
• Index(es):
  • Main
  • Thread