Voice crypto:

Bill Stewart bill.stewart at pobox.com
Wed Aug 22 19:09:19 PDT 2001 

Tim, Dr. Evil, and others were talking about Starium and other secure voice.

> >> I bought one, and I know of several others who have bought them.
> >> As to whether they are _currently_ selling any models, I can't say.
> >> But this doesn't change my "fax effect" point.

The Voice Over IP market has been growing rapidly,
with wiretappability built in,  and the Fax Effect making it more likely that
if you're on a VOIP call over the Internet or telcos it's insecure.
The primary standard in use is H.323, which doesn't do crypto
and which picks its TCP ports in ways that are hard to simply force
through IPSEC unless you're doing that for all your traffic.
Some of the followon standards may help, and there are other
VOIP systems out there (mostly proprietary), but H.323 is dominant.
SIP and MGCP are more wrappers around H.323 than competitors.

Other than random hobbyists or software developers,
most of the VOIP market is in several categories
- Microsoft Netmeeting users on the Internet (it's free,
         and comes with almost every $50 PC camera.)
- PBX replacements running on companies' private networks,
         behind firewalls and usually not carried on the Internet.
         They're pretty safe; corporate nets can be hacked,
         at least by insiders, but so can PBXs.
- International carriers providing gateways between US and non-US
         telcos, generally with the Internet in the middle
         but sometimes with their own private IP nets in the middle.
         These are tappable at the US telco edge, but for internet-based
         services, the Internet's probably an easier place.
- US companies like Net2Phone that provide cheap connectivity
         from PC users to telcos, and similar businesses being proposed
         but DSL and cable modem providers.  These have the problem that
         CALEA wiretap requirements apply to any telco-like provider,
         and any non-telco ISP or VOIPgate can be tapped at the telco edge.

I've been trying to set up voice communications on Linux that
I can try over IPSEC in my lab, using www.openh323.org, to see how it sounds
and what issues come up while using it.  So far, I've confirmed
Hugh Daniel's comments that sound card support on Linux is dodgy,
unreliable, and a real pain.  Once I've got stable operating systems again
that don't complain about missing sound-chip driver modules,
I'll probably just run Windows (sigh) Netmeeting across the freeswan
and also across the Nortel Contivity stuff we're installing.

More information about the cypherpunks-legacy mailing list