[77998] in North American Network Operators' Group


Re: Vonage complains about VoIP-blocking

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Feb 15 20:49:18 2005

From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Sean Donelan <sean@donelan.com>
Cc: "Hannigan, Martin" <hannigan@verisign.com>,
	North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: Your message of "Tue, 15 Feb 2005 20:21:37 EST."
             <Pine.GSO.4.58.0502152015130.16931@clifden.donelan.com> 
Date: Tue, 15 Feb 2005 20:48:04 -0500
Errors-To: owner-nanog-outgoing@merit.edu


In message <Pine.GSO.4.58.0502152015130.16931@clifden.donelan.com>, Sean Donelan writes:
>
>On Tue, 15 Feb 2005, Hannigan, Martin wrote:
>> > Unfortunately, TFTP is the only protocol that many phone vendors
>> > implement -- and VoIP operators aren't happy about it.  Some
>> > vendors have
>> > started implementing HTTP(S), but it's far from common at this point.
>>
>> Wouldn't there be a fee to utilize https?
>
>Only if you like giving $995 to Verisign for fancy SSL certificates.
>
>Most https phones can use locally issued X.509 certificates for the
>download. Some use a manufacturer-issued root certificate if you
>want to get fancy and use code signing, etc.
>
>Not the same problem as Microsoft Internet Explorer trusting every
>root certificate in its cache.  IP phones usually have a very short
>certificate trust list in the phone.
>
Precisely.  You not only don't need a Verisign cert for this, you don't 
want one.  The phone should trust the authorized operator, which bears 
no relationship to an identity that Verisign (or whomever) attests to.  

The really interesting question, to me, is how to let users provision 
their phones to talk to the operator of their choice.  The simplest 
solution is probably something like a SIM; it would contain the 
customer subscription data and the operator's CA certificate.  
Switching providers would be as simple as switching SIMs.  (Of course, 
that assumes that this time we can avoid SIM-locking nonsense....)

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
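
Added example, not part of the original message: the short trust list discussed above, shown with the openssl command line. A store holding only the operator's CA rejects a certificate for the same hostname issued by any other CA, while a wide browser-style store accepts it. All names (operator-ca, other-ca, provision.operator.example) are assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed demo: every name below (operator-ca, other-ca,
# provision.operator.example) is made up for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {      # make_ca <name>: self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {   # issue_cert <ca> <leaf> <hostname>: leaf signed by <ca>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

accepts() {      # accepts <trust-list.pem> <leaf.pem>: 0 if the chain verifies
  # -no-CApath keeps the system's default CA directory out of the decision.
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca operator-ca          # the operator the phone is provisioned for
make_ca other-ca             # any unrelated CA
issue_cert operator-ca prov-operator provision.operator.example
issue_cert other-ca    prov-other    provision.operator.example

# Phone: exactly one trust anchor. Browser-style store: every CA it knows.
cp "$WORK/operator-ca.pem" "$WORK/phone-trust.pem"
cat "$WORK/operator-ca.pem" "$WORK/other-ca.pem" > "$WORK/wide-trust.pem"

for store in phone-trust wide-trust; do
  for leaf in prov-operator prov-other; do
    if accepts "$WORK/$store.pem" "$WORK/$leaf.pem"; then r=accept; else r=reject; fi
    printf '%-12s %-14s %s\n' "$store" "$leaf" "$r"
  done
done
```

Switching operators in this model means replacing phone-trust.pem, which is the role the SIM-like token plays in the message above.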


