[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: IPSec for IP Telephony
> ----------
> Von: Steven M. Bellovin[SMTP:smb@research.att.com]
> Gesendet: Donnerstag, 1. April 1999 20:40
> An: Jeff Carr
> Cc: ipsec@lists.tislabs.com
> Betreff: Re: IPSec for IP Telephony
>
>
> When you're dealing with general Internet hosts, you have to worry
> about all sorts of other services that might be able to use the same
> key pair. See http://www.research.att.com/~smb/papers/badesp.ps (or .pdf)
> -- even apart from the fixes to ipsec, most of the attacks described
> simply don't apply. To give just one example, here we want to protect
> the voice channel only; there are no other port numbers involved.
>
If you also want to protect signalling (e.g. in H.323) there are several ports involved. Nevertheless, I also doubt the appropriateness of IPSec for the protection of VoIP. I believe that for VoIP end-to-end security (esp. confidentiality) is crucial (even for communication in a local network). But, if I want to realize end-to-end security I have to deal with firewall traversals. How shall I do that using IPSec in a VoIP scenario ?
Michael