[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: IPSec for IP Telephony





> ----------
> Von: 	Steven M. Bellovin[SMTP:smb@research.att.com]
> Gesendet: 	Donnerstag, 1. April 1999 20:40
> An: 	Jeff Carr
> Cc: 	ipsec@lists.tislabs.com
> Betreff: 	Re: IPSec for IP Telephony 
> 
> 
> When you're dealing with general Internet hosts, you have to worry
> about all sorts of other services that might be able to use the same
> key pair.  See http://www.research.att.com/~smb/papers/badesp.ps (or .pdf)
> -- even apart from the fixes to ipsec, most of the attacks described
> simply don't apply.  To give just one example, here we want to protect
> the voice channel only; there are no other port numbers involved.
> 
If you also want to protect signalling (e.g. in H.323) there are several ports involved. Nevertheless, I also doubt the appropriateness of IPSec for the protection of VoIP. I believe that for VoIP end-to-end security (esp. confidentiality) is crucial (even for communication in a local network). But, if I want to realize end-to-end security I have to deal with firewall traversals. How shall I do that using IPSec in a VoIP scenario ?

Michael