[Asterisk-Users] Voip as a secure service?

[Steve Kann]

Michael Graves wrote:

>Hi All,
>
>I was just reading through Info Week while on a flight and happened
>upon an brief piece about a new VOIP security intiative worked up by a
>handful of the usual suspects; Alcatel, SMU, NIST, Symantec, etc. All
>of this begs the question of can't we get just do this as a user
>community?
>
>I understand that the Zultys phone, which I own several, support AES
>encryption of the RTP stream. There's been some preliminary work on
>encrypted IAX2 streams. We're moving in the right direction. How does
>effort towards srtp and the like compare/contrast to VPN based
>connectivity?
>
>Forgive the simplistic question, but how compute intensive is a VPN?
>Could an ITSP like VoipJet or Nufone offer termination over a VPN based
>connection for a premium rate? Their rates are very low already. Would
>someone/anyone care enough to pay a premium for the service? Maybe
>double the usual rate? Is that adequate incentive for ITSPs to offer
>the service? Are there legal/CALEA implications?
>
>I understand that at present secure voip has been fundamentally the
>domain of larger enterprises that need to secure geographically
>disperse organisations over owned or hired WAN infrastructure. I work
>for an SME, yet my primary access to my email is via a PPTP tunnel to
>an Exchange server some 3000 miles away. If we wanted to deploy our own
>infrastructure we could use secure voip between locations, but not
>through ITSPs...at least not yet.
>
>It's a very interesting area, one that could be an interesting business
>in the near future.
>  
>

It would be pretty easy for these service providers to allow users to 
use a VPN tunnel to connect to them;  I think the compute expense of 
this probably would be less than the compute expense of codec translation..

Setting up OpenVPN for users is pretty easy as well..

-SteveK