Re: IPSec for IP Telephony



In message <000f01be7c6b$028a1020$17b4a8c0@pc-jcarr.broadcom.com>, "Jeff Carr" 
writes:
> Granted the overhead is high wrt the small packet sizes, and ESP does
> interfere with the desire to compress headers (assuming no
> transport-friendly ESP) ------ but I am curious about your comparison of the
> threat models.  Why are they very, very different?

When you're dealing with general Internet hosts, you have to worry
about all sorts of other services that might be able to use the same
key pair.  See http://www.research.att.com/~smb/papers/badesp.ps (or .pdf)
-- even apart from the fixes to ipsec, most of the attacks described
simply don't apply.  To give just one example, here we want to protect
the voice channel only; there are no other port numbers involved.