> From: Olle E. Johansson [o...@edvina.net]
>
> I'm trying to figure out why after more than ten years of SIP in the
> industry, we're still on the 80's level in regards of security in the
> implementations. The whole business is still using "telnet SIP" where
> we should have moved to "ssh SIP". As long as we do that, SIP will
> stay on private VLANS and Skype will be alone on the Internet.

For most purposes, what we have now suffices. In practice, when individuals talk to individuals, the end-to-end authentication is done by users recognizing other users' voices. (And 95%+ of humans have a huge DSP in their brain dedicated to that task.) For most other tasks, "I dialed the directory number and the person who answered claims to be working for the business in question." is usually sufficient, and in situations where it isn't, businesses have additional security precautions for PSTN calls that work sufficiently well for SIP calls.

I mean, when was the last time you made a call and wished that the telephone infrastructure provided more robust security and authentication of the call?

In the real world, the "felt need" for security is not "I don't want the government to find out." but rather "I don't want my wife to find out."

Dale

_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors