[SIPForum-discussion] FW: right on: [SIPForum-techwg] SIPconnect and Security
Tom Cross
cross at gocross.com
Tue Jun 10 14:16:48 UTC 2008
Alan,
Right on!
When I teach my SIP classes I focus extensively on security.
As a CSSP, security is paramount and should be more than a hope-for SIP
feature.
Cheers,
Thomas B. Cross - CSSP
CEO - TECHtionary.com - 303-594-1694
World's First and Largest Animated Free Library on Technology
www.techtionary.com
From: techwg-bounces at sipforum.org [mailto:techwg-bounces at sipforum.org] On
Behalf Of Johnston, Alan B (Alan)
Sent: Tuesday, June 10, 2008 7:41 AM
To: techwg at sipforum.org
Subject: [SIPForum-techwg] SIPconnect and Security
I've started a separate thread on this as is a worthwhile topic for
discussion on its own.
Before we get lost in the details of how best to key SRTP and how to do best
effort SRTP, let's think about SIPconnect and security. We currently have a
recommendation that basically has no security at all. Many of us went along
with this 1.0 version in the name of having immediate interoperability and
deployability.
But is this really the direction we want to go in all our future
recommendations? Is security just a nice feature that we debate and decide
to leave out of our recommendations?
Our work on these recommendations should set the direction for our industry.
Do we believe that enterprise communication needs authentication and
confidentiality of both signaling and media?
Once we debate these questions, we can go back to the details, timelines,
etc for the next version of SIPconnect.
Thanks,
Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080610/f4251be8/attachment-0002.html>
More information about the discussion
mailing list