There is low energy in the work group at the moment, but the technical problems have been addressed and there are a few implementations.
The base spec should be published soon (it's in AUTH48). We need the SIP spec to be finished. There are some subsidiary specs that are in process which improve operation in certain circumstances, but base RELOAD and the SIP application of RELOAD would provide a good basis for VoIP which is substantially less susceptible to interception. As it is a true peer to peer solution, the opportunity to charge customers lots of money to place calls is somewhat limited. There are some opportunities in the enrollment server, but they are limited, and as I had mentioned previously, if the enrollment server was compromised, mischief could be inserted into the credentialing. I think if this seemed to be one of our responses to recent revelations, work could be completed rather quickly. Brian On Sep 12, 2013, at 7:27 AM, Hannes Tschofenig <[email protected]> wrote: > Hi Dean, > > I may not be up to speed with RELOAD but I understood that all the energy has > vanished from that work. There were also a number of technical problems. > > Maybe someone can give us a brief update on the status. > > Ciao > Hannes > > On 09.09.2013 17:46, Dean Willis wrote: >> I think we can mostly get there with RELOAD, but the implementations are >> still pretty early. >> >> On Sep 9, 2013 6:53 AM, "Hannes Tschofenig" <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Linus, >> >> thanks for the comments. >> >> I have indeed skipped that topic. I will have to read into the >> Mumble project to see what security and privacy guarantees it provides. >> >> My current conclusion from using VoIP/IM systems without using Tor >> is that you cannot really protect against collecting this >> transaction data (i.e., you have to at least trust the two VSPs, our >> own and then the VSP of your communication partner). While you can >> influence routing of the data traffic to a certain extend it does >> not work too well when your VSP is working against you. >> >> With IM you could at least set up your own server (e.g., by using an >> XMPP server) but with VoIP that's more complicated because nobody >> else will accepted your connection attempts (as explained in the >> interconnection part of my write-up). >> >> I will come back to you on that issue. >> >> Ciao >> Hannes >> >> >> On 09.09.2013 14:31, Linus Nordberg wrote: >> >> Hannes Tschofenig<hannes.tschofenig@__gmx.net >> <mailto:[email protected]>> wrote >> Mon, 09 Sep 2013 11:26:39 +0300: >> >> | http://www.tschofenig.priv.at/__wp/?p=997 >> <http://www.tschofenig.priv.at/wp/?p=997> >> | >> | It contains a number of recommendations, which are addressed >> to VoIP >> | providers and vendors but have to be enforced by data protection >> | authorities. >> | >> | The recommendations unfortunately highlight some challenges... >> >> Indeed. And still, I miss any mention on protection against >> collecting >> data about who's talking to who. >> >> Without claiming any expertise at all in this area, the closest >> thing to >> something implementing this that I've heard of is Mumble over >> Tor. Mumble [0] is not standardised AFAICT. The Guardian Project >> wrote >> [1] about this earlier this year. Some people seem to use it [2]. >> >> [0] https://en.wikipedia.org/wiki/__Mumble_%28software%29 >> <https://en.wikipedia.org/wiki/Mumble_%28software%29> >> [1] >> >> https://trac.torproject.org/__projects/tor/wiki/doc/__TorifyHOWTO/Mumble >> <https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble> >> [2] >> >> https://guardianproject.info/__2013/01/31/anonymous-cb-radio-__with-mumble-and-tor/ >> >> <https://guardianproject.info/2013/01/31/anonymous-cb-radio-with-mumble-and-tor/> >> _________________________________________________ >> perpass mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/__listinfo/perpass >> <https://www.ietf.org/mailman/listinfo/perpass> >> >> >> _________________________________________________ >> perpass mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/__listinfo/perpass >> <https://www.ietf.org/mailman/listinfo/perpass> >> > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
