Hi All, I was just reading through Info Week while on a flight and happened upon an brief piece about a new VOIP security intiative worked up by a handful of the usual suspects; Alcatel, SMU, NIST, Symantec, etc. All of this begs the question of can't we get just do this as a user community? I understand that the Zultys phone, which I own several, support AES encryption of the RTP stream. There's been some preliminary work on encrypted IAX2 streams. We're moving in the right direction. How does effort towards srtp and the like compare/contrast to VPN based connectivity? Forgive the simplistic question, but how compute intensive is a VPN? Could an ITSP like VoipJet or Nufone offer termination over a VPN based connection for a premium rate? Their rates are very low already. Would someone/anyone care enough to pay a premium for the service? Maybe double the usual rate? Is that adequate incentive for ITSPs to offer the service? Are there legal/CALEA implications? I understand that at present secure voip has been fundamentally the domain of larger enterprises that need to secure geographically disperse organisations over owned or hired WAN infrastructure. I work for an SME, yet my primary access to my email is via a PPTP tunnel to an Exchange server some 3000 miles away. If we wanted to deploy our own infrastructure we could use secure voip between locations, but not through ITSPs...at least not yet. It's a very interesting area, one that could be an interesting business in the near future. Michael -- Michael Graves mgraves@pixelpower.com Sr. Product Specialist www.pixelpower.com Pixel Power Inc. mgraves@mstvp.com o713-861-4005 o800-905-6412 c713-201-1262
Michael Graves wrote:>Hi All, > >I was just reading through Info Week while on a flight and happened >upon an brief piece about a new VOIP security intiative worked up by a >handful of the usual suspects; Alcatel, SMU, NIST, Symantec, etc. All >of this begs the question of can't we get just do this as a user >community? > >I understand that the Zultys phone, which I own several, support AES >encryption of the RTP stream. There's been some preliminary work on >encrypted IAX2 streams. We're moving in the right direction. How does >effort towards srtp and the like compare/contrast to VPN based >connectivity? > >Forgive the simplistic question, but how compute intensive is a VPN? >Could an ITSP like VoipJet or Nufone offer termination over a VPN based >connection for a premium rate? Their rates are very low already. Would >someone/anyone care enough to pay a premium for the service? Maybe >double the usual rate? Is that adequate incentive for ITSPs to offer >the service? Are there legal/CALEA implications? > >I understand that at present secure voip has been fundamentally the >domain of larger enterprises that need to secure geographically >disperse organisations over owned or hired WAN infrastructure. I work >for an SME, yet my primary access to my email is via a PPTP tunnel to >an Exchange server some 3000 miles away. If we wanted to deploy our own >infrastructure we could use secure voip between locations, but not >through ITSPs...at least not yet. > >It's a very interesting area, one that could be an interesting business >in the near future. > >It would be pretty easy for these service providers to allow users to use a VPN tunnel to connect to them; I think the compute expense of this probably would be less than the compute expense of codec translation.. Setting up OpenVPN for users is pretty easy as well.. -SteveK