Simon Horne wrote:
I am not a fan of TLS as it has the inherent issue of being hop-by-hop. Unless you can verify the entire signaling path is secure then it is useless. Certainly you can verify from you endpoint to the gatekeeper is secure but what about beyond that. Certainly for small closed deployments it can be useful but for large adhoc network it can be problematic.
I do agree that end-to-end encryption would be even better. The people making endpoints could make that happen. ;-) But TLS also has 2 big benefits:
- is pretty easy to implement on to of an existing stack with H.235.6 (I did all the TLS work pro-bono as a side-project with no sponsorship)
- TLS doesn't only protect the Diffie-Hellman exchange, but also all the meta data of the call (who is calling who and when)
Many years ago I developed an idea [...] TLS is not implemented other than with GnuGk.
Maybe thats one of the big problems, that nobody has implemented any protection of the Diffie-Hellman exchange since H.235.6 was passed (2005 ?), even so it explicitely mentions the need for TLS (or IPSec).
I fully agree that TLS has trouble scaling to a global solution, but that shouldn't be an excuse to leave all users unprotected in all situations for so many years. There are many scenarios we can easily solve by implementing the specs properly that are already in place.
Regards, Jan