Maybe It's Snake Oil All the Way Down

Bill Frantz frantz at pwpconsult.com
Tue Jun 3 15:48:37 EDT 2003


At 7:42 AM -0700 6/3/03, John Kelsey wrote:
>I keep wondering how hard it would be to build a cordless phone system on
>top of 802.11b with some kind of decent encryption being used.  I'd really
>like to be able to move from a digital spread spectrum cordless phone
>(which probably has a 16-bit key for the spreading sequence or some such
>depressing thing) to a phone that can't be eavesdropped on without tapping
>the wire.

<rant>

I've spent some time recently looking at Voice over IP (VoIP)
implementations.  My immediate reaction to reading the standards is that
they are a complete answer to a telephone company executive's wet dreams.
Conferencing, Automatic call forwarding, Billing etc. etc., they're all
covered.  The result is a protocol that is beyond baroque and well into
rococo.  I think the various standards bodies are still trying to deal with
issues in the protocols that weren't thought of from the start.

Of course, once you have your call set up, you have to encrypt it.  Most of
the VoIP implementations use Real Time Streaming Protocol (RTSP, RFC2326),
which requires two UDP ports through your firewall.  Then you have to
encrypt the RTSP traffic.  I have seen reference to an encryption protocol
specifically for RTSP, but a quick scan of STD1 didn't turn it up, so it is
probably still a draft.  I don't know anything about its security.

The other choice is IPSec.  IPSec seems happiest securing traffic between
machines with permanent IP addresses.  It is a nightmare to use with
Network Address Translation.

What would be really nice would be a VoIP system that used TCP instead of
UDP.  (I know that if TCP goes into error recovery, there is going to be
major jitter in the voice.  I know it will be hard to support conferencing.
I know it will not gracefully bridge to the POTS network.  Etc. I'm willing
to put up with that to avoid the pain that comes with UDP.)  Then I can
just tunnel it through SSH, or hack it to use SSL/TLS.  Oh well.

</rant>

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
frantz at pwpconsult.com | American way.          | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List