This is an idea from FreeSWAN, which was implemented in the recently released version 1.0. Basically the idea is that FreeSWAN sites automatically encrypt traffic between them when possible, without having to set up the link ahead of time. How this works is: The sites publish some info in DNS. FreeSWAN gets some traffic destined for that site. - looks up the info in DNS - if the info is there: sets up an encrypted connection - if the info is missing: sets up a normal connection This is a feature which can be turned off. How does this apply to asterisk? Asterisk has a call destined for a PSTN number Looks up the number in a central location If it's there, then connect to the reported IAX/SIP/whatever connection over the internet if it's up/ping is good/hops is good/whatever. Otherwise connects through the PSTN. Points: saves money possible quality issues for VoIP over many internet hops this isn't as good as the FreeSWAN way as there is no logical mapping between PSTN and DNS -- therefore need a central location potential for abuse what would be a good spot for the central location? comments? -- Woody
You should investigate TRIP (RFC 3129): http://www.zvon.org/tmRFC/RFC3219/Output/ Find BSD-licensed proof-of-concept code at http://www.vovida.org/downloads/trip/trip-1.0.0.tar.gz If someone could incorporate this into Asterisk and extend the functionality, that would be pretty nice. The basic ENUM support in Asterisk already can handle specific number paths, but I think TRIP or something like TRIP would be best for handling situations where larger groups of numbers need to be "advertised" into a routing table behind a particular Asterisk server. Think "BGP for phone numbers." JT>This is an idea from FreeSWAN, which was implemented in the recently >released version 1.0. > >Basically the idea is that FreeSWAN sites automatically encrypt >traffic between them >when possible, without having to set up the link ahead of time. > >How this works is: >The sites publish some info in DNS. >FreeSWAN gets some traffic destined for that site. > - looks up the info in DNS > - if the info is there: sets up an encrypted connection > - if the info is missing: sets up a normal connection >This is a feature which can be turned off. > >How does this apply to asterisk? > >Asterisk has a call destined for a PSTN number >Looks up the number in a central location >If it's there, then connect to the reported IAX/SIP/whatever connection >over the internet if it's up/ping is good/hops is good/whatever. >Otherwise connects through the PSTN. > >Points: > >saves money >possible quality issues for VoIP over many internet hops >this isn't as good as the FreeSWAN way as there is no logical mapping >between PSTN and DNS -- therefore need a central location >potential for abuse >what would be a good spot for the central location? > >comments? >-- >Woody
This is slightly off-topic I suppose, but: At 20:37 10-6-2003 -0700, you wrote:>You should investigate TRIP (RFC 3129): > >http://www.zvon.org/tmRFC/RFC3219/Output/ > >Find BSD-licensed proof-of-concept code at >http://www.vovida.org/downloads/trip/trip-1.0.0.tar.gz > >If someone could incorporate this into Asterisk and extend the >functionality, that would be pretty nice. The basic ENUM support in >Asterisk already can handle specific number paths, but I think TRIP or >something like TRIP would be best for handling situations where larger >groups of numbers need to be "advertised" into a routing table behind a >particular Asterisk server. Think "BGP for phone numbers."I'm sorry, but I see no real benefits to TRIP over ENUM. Large amounts of data in DNS databases have not been a real problem yet, provided the tree is delegated properly (as ENUM does), and works quite effectively due to caching. TRIP only makes it harder for widespread use to deal with such things as number portability (can't ever do that with IP, remember). As far as I can tell from the TRIP docs this looks a lot like some big telco tries to make it more difficult for customers to move to another telco and still use their old number... Florian