On Tue, Feb 15, 2005 at 01:45:05PM -0500, Eric Gauthier wrote:
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different than blocking port 25 or managing the bandwidth certain applications use?
Something else to consider. We block TFTP at our border for security reasons and we've found that this prevents Vonage from working. Would this mean that LECs can't block TFTP?
This is a significant issue. Vonage is complaining about what are purportedly deliberate actions to block their service, while at the same time trying to sweep under the rug that *they have chosen to provide their service using insecure protocols that some carriers might quite reasonably choose to filter*.

If their -- centrally-provided: everything is forced through their SIP proxy anyway, resulting in a voice network architecture that really looks like a giant corporate VoIP PBX -- service were actually properly resistant to tampering and random-adversary eavesdropping, it would *also* have the property that it were opaque to intermediate networks: providers blocking SSL or ESP to Vonage's proxies would _clearly_ have no motivation to do so save interference with Vonage service.

It is my general impression of Vonage that they are very, very savvy about gaming what they perceive as the regulatory trend at the Federal level in an attempt to cut technical corners and thus grow their service faster than they could if they consistently did things "right". The history of their many, many wiggles on 911 access shows this pretty obviously, I think, and here I believe we have another case: they want to try to get regulatory agencies or the courts to force intermediate networks to let their packets through (by claiming all such filtering _must_ be deliberate) rather than actually doing what, on technical grounds, they ought to do anyway, and provide real security to their customers.

It is understandable, and probably a viable economic and political strategy, but that doesn't really make it right. It behooves those of us who understand the actual underlying technical issues (e.g. telco routing and human factors issues with Vonage's so-called 911 service; man-in-the-middle and eavesdropping issues with Vonage's totally unsecured TFTP boot and SIP services from each ATA) to do our best to point them out, so that, if possible, coercive regulatory decisions are not made on the basis of smoke and mirrors.

Thor