[Asterisk-Users] Voip as a secure service?

[Michael Graves]

Hi All,

I was just reading through Info Week while on a flight and happened
upon an brief piece about a new VOIP security intiative worked up by a
handful of the usual suspects; Alcatel, SMU, NIST, Symantec, etc. All
of this begs the question of can't we get just do this as a user
community?

I understand that the Zultys phone, which I own several, support AES
encryption of the RTP stream. There's been some preliminary work on
encrypted IAX2 streams. We're moving in the right direction. How does
effort towards srtp and the like compare/contrast to VPN based
connectivity?

Forgive the simplistic question, but how compute intensive is a VPN?
Could an ITSP like VoipJet or Nufone offer termination over a VPN based
connection for a premium rate? Their rates are very low already. Would
someone/anyone care enough to pay a premium for the service? Maybe
double the usual rate? Is that adequate incentive for ITSPs to offer
the service? Are there legal/CALEA implications?

I understand that at present secure voip has been fundamentally the
domain of larger enterprises that need to secure geographically
disperse organisations over owned or hired WAN infrastructure. I work
for an SME, yet my primary access to my email is via a PPTP tunnel to
an Exchange server some 3000 miles away. If we wanted to deploy our own
infrastructure we could use secure voip between locations, but not
through ITSPs...at least not yet.

It's a very interesting area, one that could be an interesting business
in the near future.

Michael
--
Michael Graves                           mgraves at pixelpower.com
Sr. Product Specialist                          www.pixelpower.com
Pixel Power Inc.                                 mgraves at mstvp.com

o713-861-4005
o800-905-6412
c713-201-1262