Correct, in virtually all the telco deployments of SIP it is not used. It's generally not used in the hosted PBX systems the telcos deploy as well, aka Broadsoft, though I'm sure you have better information on the status of current hosted Lync deployments. Certainly some enterprises do actually turn on the TLS function, but the anecdotal evidence is a very very small percentage. The resistance level at both the service provider and enterprise level is actually considerable.

For the telcos: A. the customer demand is not there. There may be a Government demand but that is another question. B. it does represent computational costs that under the current environment are difficult for service providers to justify from a CAPEX perspective.

That said, the security situation with Intercarrier SIP traffic IS a matter under serious consideration with the IETF STIR proposition, but the problem statement is not the security of the RTP traffic; it is actually validating the source of the call session itself. That is going to get serious attention since the problem centers on criminal fraud, disruption of public safety communications and violation of the national do not call lists.

There are certainly areas where SIP security could be improved, but we are not the protocol police and IMHO any thought of a Mandatory to Use security level will simply be ignored until the usability factors are improved.

Personally I find IETF discussions of Government behavior distasteful. Frankly we have met the enemy and it is us. The IETF ended up designing security protocols that are very very difficult to deploy at scale. E-Mail encryption is the obvious problem. Oh gee, I'm really going to turn that on if it ends up defeating the anti-spam measures. Good luck with that.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Farrell
Sent: Thursday, October 10, 2013 4:41 AM
To: Christian Huitema; 'Peterson, Jon'; 'Richard Shockey'; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/10/2013 04:28 AM, Christian Huitema wrote:
>> For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS would
>> add some value. How can we make it more likely they do use SIP/TLS?
>
> Define "nobody," please. Microsoft Lync uses SIP/TLS by default. That
> must be more than "nobody."

Apologies. I was going from Rich and Jon's statements which I guess are more considering telco deployments.

But even if it's "almost nobody," the question remains.

S.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
