/. [PGP Creator's Zfone Encrypts VoIP]

Bill Stewart bill.stewart at pobox.com
Wed Mar 15 09:49:11 PST 2006


At 08:13 AM 3/15/2006, Tyler Durden wrote:
>This is interesting.
>Sorry...I'm a working stiff so I haven't kept up with the protocols. Does 
>SIP in any way force a centralized "switch" paradigm on the VoIP 
>implementation? My thinking is that it does not, it's more of an interface.
>Which means that Zfone could be Peer-to-Peer, and I would bet Zimmermann
>would have shot for that.
>Anyone know?

SIP is no longer quite "simple", but it's certainly simpler and more
powerful than H.323. It looks a lot like an IM system.

The basic model is client/server, with servers that can proxy requests to
other servers, where the job of a server is to provide presence service so
that clients can find each other, and actual media channels are
client-to-client. (This does mean that you sometimes need to tunnel through
NAT and firewalls.) Because servers can proxy requests to other servers,
it's no longer a simple hierarchy model.

And most SIP clients support direct client-to-client connections - as long
as you figure out the destination user's address yourself if you don't have
a server, and don't mind not having a server to tell you who's calling,
reject junk callers, etc.

A popular approach is to have an IP PBX that uses SIP functions to
listen to IP phones or IP video, talk to other IP PBXs,
and talk to telco SIP servers to reach old telco phones,
(alternatively to support traditional telco lines using hardware on the PBX),
and also to talk to other servers like conference bridges,
voicemail, or voicemail-to-email gateways.

The two main pre-SIP standards out there are H.323, which is a simpler
client-server model that reuses large amounts of ugly ISDN protocols,
and Cisco's SCCP (aka "Skinny"), which is a simpler pre-H.323 protocol.

There are a number of different SIP server types out there:
- Asterisk IP PBX is a free open-source application that runs on Linux.
  Most of the development is funded by Digium, a company that sells
  hardware like telco interface boards for PCs, including T1, single-line
  telco interfaces, single-line phone interfaces, etc.
- VOIP servers built into routers. Cisco mostly uses Skinny, but they'll
  do SIP "real soon".
- Old PBX vendor PBXs with IP boards - mostly H.323, with SIP support emerging.
- Centralized SIP servers that support sites with IP phones and no servers.
  This includes routers from Cisco, etc., as well as specialized servers
  from vendors like Sylantro and Acme Packets. In the pre-SIP world, you
  generally don't mix site-based servers like Asterisk and centralized
  servers, because you don't need both, except for things like Cisco SRST
  failure-mode support in routers; but since SIP supports proxies, you may
  have a local server that does your basic presence service and centralized
  servers for voicemail.
- Some people are playing with Distributed Hash Tables instead of real servers.

As far as encryption goes, SIP does most of its signalling with an
HTTP-like protocol that you can run over TLS, and does media with RTP
(which can be the secure or non-secure version). Unfortunately, far too
many SIP servers don't handle the crypto negotiations: not only do they not
burn the horsepower to do signalling over TLS, they also don't help the
clients exchange keys.
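To make the two points above concrete (signalling goes through the server, media goes peer to peer, and each leg is protected separately), here is an added illustration that is not code from the original post or from Zfone. It builds a constructed SIP INVITE (the hosts, branch tags and the key material are made-up placeholders), reads the Via headers to recover the signalling path and its transport, reads the SDP c= and m= lines to find where the media will actually flow, and then checks whether the signalling hops are TLS and whether the media offer is SRTP (RTP/SAVP) with SDES key material (a=crypto lines) attached. The "half-secured" case, where the offer asks for SRTP but carries no keys, is the failure mode the paragraph describes.

```python
"""Inspect a SIP INVITE: where does signalling go, where does media go, and is
either leg protected?  Added example; hosts and keys are constructed placeholders."""

import re
from typing import Dict, List, Optional, Tuple

# Constructed sample INVITE, assembled from parameters so the secure, plain and
# half-secured variants share one template.  192.0.2.0/24 is a documentation net.
def build_invite(transport: str, profile: str, with_crypto: bool) -> str:
    crypto = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_NOT_REAL\r\n"
              if with_crypto else "")
    return (
        "INVITE sip:bob@example.net SIP/2.0\r\n"
        # Two Via hops: the proxy that forwarded the request, then the caller.
        f"Via: SIP/2.0/{transport} proxy.example.org:5060;branch=z9hG4bK776asdhds\r\n"
        f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKnashds8\r\n"
        "From: Alice <sip:alice@example.org>;tag=1928301774\r\n"
        "To: Bob <sip:bob@example.net>\r\n"
        "Call-ID: a84b4c76e66710\r\n"
        "CSeq: 314159 INVITE\r\n"
        "Content-Type: application/sdp\r\n"
        "\r\n"
        # SDP body: the c= and m= lines say where RTP should be sent.
        "v=0\r\n"
        "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
        "s=-\r\n"
        "c=IN IP4 192.0.2.10\r\n"
        "t=0 0\r\n"
        f"m=audio 49170 {profile} 0\r\n"
        f"{crypto}"
    )

def parse_sip(raw: str) -> Tuple[str, List[Tuple[str, str]], List[str]]:
    """Split a SIP message into (request line, ordered header list, SDP lines).
    Headers stay a list because Via repeats once per hop.  Folded continuation
    lines and compact header names are not handled in this illustration."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    sdp = [l for l in body.split("\r\n") if l]
    return lines[0], headers, sdp

VIA_RE = re.compile(r"SIP/2\.0/(?P<transport>[A-Za-z]+)\s+(?P<host>[^;\s]+)")

def signalling_path(raw: str) -> List[Tuple[str, str]]:
    """Return (transport, host) for each Via hop, topmost first: every proxy the
    request passed through added one, so this is the server-side path."""
    _, headers, _ = parse_sip(raw)
    hops = []
    for name, value in headers:
        if name == "via":
            m = VIA_RE.match(value)
            if m:
                hops.append((m.group("transport").upper(), m.group("host")))
    return hops

def media_endpoint(raw: str) -> Optional[Tuple[str, int, str]]:
    """Return (ip, port, transport profile) from the SDP c= and m= lines.
    This is where the media goes: straight to the peer, not to the SIP server."""
    _, _, sdp = parse_sip(raw)
    ip = None
    for line in sdp:
        if line.startswith("c="):
            ip = line.split()[2]
        elif line.startswith("m="):
            _, port, profile = line.split()[:3]
            return ip, int(port), profile
    return None

def assess(raw: str) -> Dict[str, bool]:
    """Judge each leg separately: TLS on every signalling hop, SRTP requested
    for media, and SDES key material actually present in the offer."""
    hops = signalling_path(raw)
    ep = media_endpoint(raw)
    _, _, sdp = parse_sip(raw)
    return {
        "signalling_tls": bool(hops) and all(t == "TLS" for t, _ in hops),
        "media_srtp": ep is not None and ep[2] == "RTP/SAVP",
        "sdes_keys_offered": any(l.startswith("a=crypto:") for l in sdp),
    }

SECURE = build_invite("TLS", "RTP/SAVP", True)   # both legs protected
PLAIN = build_invite("UDP", "RTP/AVP", False)    # nothing protected
HALF = build_invite("TLS", "RTP/SAVP", False)    # SRTP asked for, no keys carried

if __name__ == "__main__":
    for label, msg in (("secure", SECURE), ("plain", PLAIN), ("half", HALF)):
        print(label, signalling_path(msg), media_endpoint(msg), assess(msg))
```

The point of separating the three checks is that a TLS-protected signalling path says nothing about the media: the RTP profile and key material live in the SDP body, and a server that forwards the INVITE without touching them leaves the two phones to sort out keys on their own, exactly the gap the paragraph above complains about.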