Re: [Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-06 Thread Mark Allen Earnest
> I've personally
> designed and deployed many PKI solutions for large corporations for all
> sorts of security applications ranging from remote VPN access to wireless
> LAN security, and I can attest that the technology is simple, scalable, and
> reliable.

*yawn* Yet another person who confuses PK with PKI. Almost NOBODY has
ever done PKI right. The I is the part everyone conveniently forgets
when they claim otherwise.

-- 

Mark Allen Earnest

Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University

KB3LYB




Re: [Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-06 Thread Anne Lynn Wheeler
Mark Allen Earnest wrote:
> *yawn* Yet another person who confuses PK with PKI. Almost NOBODY has
> ever done PKI right. The I is the part everyone conveniently forgets
> when they claim otherwise.

when we were doing this stuff related to e-commerce ... we also had to
go out and audit some number of these certificate issuing institutions.
we frequently explained to them what a service operation was. at the
time, we coined the term *certificate manufacturing* to help
differentiate from a PKI. one of the largest organizations commented
that they thought it somehow involved computers and technology and
other fancy stuff ... and they were finding out that even simple
*certificate manufacturing* was 95 percent or more bookkeeping,
accounting and paper work. there were frequently questions about how they
might outsource even that little part of service oriented operation.

random past posts on ssl domain name certificates ... some number dating
back to the period of the original payment gateway.
http://www.garlic.com/subpubkey.html#sslcert

one of the big issues for real businesses with extensive and well
established relationship management infrastructure ... it readily became
apparent that even trivial *certificate manufacturing* operation
represented a significant redundant and superfluous activity ...
unnecessarily duplicating existing business operations.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-06 Thread Anne Lynn Wheeler
Anne  Lynn Wheeler wrote:
> random past posts on ssl domain name certificates ... some number dating
> back to the period of the original payment gateway.
> http://www.garlic.com/subpubkey.html#sslcert

oops, finger slip, that should be
http://www.garlic.com/~lynn/subpubkey.html#sslcert

... oh, and there are some slightly related postings regarding the
period from another thread:
http://www.garlic.com/~lynn/2005n.html#30 Data communications over telegraph circuits
http://www.garlic.com/~lynn/2005n.html#26 Data communications over telegraph circuits
http://www.garlic.com/~lynn/2005n.html#27 Data communications over telegraph circuits
http://www.garlic.com/~lynn/2005n.html#28 Data communications over telegraph circuits
http://www.garlic.com/~lynn/2005n.html#29 Data communications over telegraph circuits



[Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-05 Thread R.A. Hettinga

--- begin forwarded text


 Date: Fri, 5 Aug 2005 12:06:24 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Does Phil Zimmermann need a clue on VoIP?

 http://blogs.zdnet.com/Ou/?p=86

 | George Ou | ZDNet.com

 8/4/2005
  Does Phil Zimmermann need a clue on VoIP?

 -Posted by George Ou @ 11:52 am

 Updated: 8/5/2005 @ 4:06 am

 Phil Zimmermann of PGP fame, a legend in the
 cryptography world, was cooking up a new secure VoIP brew at last week's
 Black Hat conference - but could he be just a little bit out of touch?  As
 much as I respect the man's intellectual prowess and his contribution to
 the field of cryptography, I don't think I can say the same about his
 product design skills.  Product design and product marketing is less about
 intellectual prowess than understanding the needs of the average human
 user.  When I read about Zimmermann's recent VoIP demonstration at Black
 Hat, it made me doubt his product design skills even more.

 Phil Zimmermann criticizes existing VoIP cryptographic solutions for
 relying on PKI.  Given the fact that Zimmermann's PGP technology has always
 been an alternative to PKI based technologies, one can expect a bit of a
 natural bias against PKI-based solutions.  Just about every other
 PKI-alternative cryptography company has gone as far as declaring PKI dead
 even though PKI has been thriving for the last decade with E-Commerce
 leading the charge in a massive global PKI implementation.  I've personally
 designed and deployed many PKI solutions for large corporations for all
 sorts of security applications ranging from remote VPN access to wireless
 LAN security, and I can attest that the technology is simple, scalable, and
 reliable.  It's an undeniable fact that any solution that promises to
 bypass PKI always ends up being more trouble than it's worth.

 One of the biggest recent successes in VoIP or any application class is the
 phenomenon of Skype.  Skype has managed to gain more users in a single year
 than all of the other VoIP software solutions put together; at last count,
 there were about 148 million downloads of Skype.  Millions of people use it
 every day without even knowing that they are using PKI technology with
 1024-bit RSA keys for secure authentication and 256-bit military grade AES
 encryption.  While other vendors talk the talk about cryptography and how
 nice it would be if only people would use it, Skype actually deployed the
 biggest secure VoIP communications scheme ever using a seamless PKI
 implementation.  Most people just never knew it because Skype spent less
 time talking about it than implementing it.  Looking at Zimmermann's
 PKI-less VoIP cryptography scheme, I doubt it will be as seamless a
 solution.

 On the connectivity side, Zimmermann's demonstration at Black Hat showed
 why Skype still reigns supreme over everyone else.  As a matter of fact,
 Zimmermann's demo almost never left the ground because of router traversal
 problems.  While firewall and router traversal problems aren't uncommon
 among most VoIP solutions, it is one of the biggest impediments (next to
 inadequate or missing microphones on the modern personal computer) to the
 success of VoIP.  The reason Skype exploded onto the scene was that they
 alone understood that the average computer user is in no mood to mess with
 firewall rules, port triggers, and NAT traversal problems and
 probably doesn't even know or care what I'm talking about.  Skype wrapped
 their entire VoIP payload into a simple firewall- and NAT-friendly packet
 and used the power of peer-to-peer technology to make Skype work under any
 environment.  All the complexity is hidden under the hood and even grandma
 can now use PC telephony.

 Skype has set the gold standard for ease-of-use and seamless security.
 Any VoIP solution from this point forward that fails to meet this standard
 will be dead on arrival.  Although it may be too early to tell how
 Zimmermann's solution will fare in the end, it certainly doesn't appear to
 be off to a good start.  Maybe I'm being a bit harsh on a solution that is
 still a work in progress or maybe Zimmermann thinks I'm way off base.  Phil
 if you're reading this and you want to tell me I'm wrong and why, I'll be
 more than happy to post your reply.

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

Re: [Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-05 Thread Victor Duchovni
On Fri, Aug 05, 2005 at 12:07:44PM -0400, R.A. Hettinga wrote:

> http://blogs.zdnet.com/Ou/?p=86
> | George Ou | ZDNet.com
>
> Just about every other
> PKI-alternative cryptography company has gone as far as declaring PKI dead
> even though PKI has been thriving for the last decade with E-Commerce
> leading the charge in a massive global PKI implementation.  I've personally
> designed and deployed many PKI solutions for large corporations for all
> sorts of security applications ranging from remote VPN access to wireless
> LAN security, and I can attest that the technology is simple, scalable, and
> reliable.  It's an undeniable fact that any solution that promises to
> bypass PKI always ends up being more trouble than it's worth.

That is sure some sweet Kool-Aid George got his hands on! I wonder where
I could get some. :-)

-- 

Victor Duchovni
IT Security, Morgan Stanley

ASCII RIBBON CAMPAIGN AGAINST HTML MAIL

NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.
