Scott, welcome back, your absence was felt!
>>It's funny how the corporations trying to move into the 'net are just starting to experience and think about the things that hackers have been doing for years ...<<
Sure is. A funny thing came to me during some research this week. It dawned on me that the new ITSP genre was doing nothing (yet) except to emulate the processes and constructs of PSTN technologies. That'll change, gradually, but not in the immediate future where large scale rollouts are concerned.
When I addressed the area of security, it became evident that security was one of the areas that the startups had nothing to fall back on, looking at the PSTN as a model, in the way of historical precedent to emulate, since switched services have always been considered secure, for all intents and purposes.
This is not so with IP, whether the factors involved are real or imagined. The protocol inherently lends itself to address spoofing, and many other highly cultivated penetration and data collection [hacking] techniques that have been used by good guys and bad, alike, since the Seventies.
Consequently, "secure voice" services made possible through cumbersome encryption techniques, using the traditional PSTN circuit switched modality, were limited to government and military purposes, for the most part, and to a lesser extent in certain high-profile commercial applications demanding of the highest levels of security.
>>So the solutions can be built quickly ... unless burdened by corporate red tape and paperwork ... ;-) <<
I think you've only touched the surface here, although our points are well taken.
Where does the encryption take place on Phone to Phone hookups? In the gateway? That would require public key administration among a plurality of carriers and ISPs, wouldn't it?
How about dynamically configurable applications that may depend on a number of different end-point permutations throughout a session, dependent on the particulars of interactive flows? Such as dynamic admissions to live multicast/or multipoint conferencing applications, say? Or collaborative workgroup sessions? You get the idea, without me running the entire list here.
Also, I think that government regs concerning this subject are equally onerous when it comes to getting approvals for international use. What then? Secure domestic, but international goes in the clear?
I'm going to look up those urls later on, and get back to you. I'm almost certain, however, that they will give me more to nit pick about... Perhaps this is one of those hidden enablers that will make PC to PC seem like a more attractive alternative for some. <smiles>
Thanks, and Regards, Frank Coluccio |
