SIP in higher education

[Duane <>]

Ben Teitelbaum wrote:

> > >   Partial Solution 1: TLS encryption of SIP can ensure that
> > > originators are who they claim they are via root certification
> > > process.  However, this is still some time away and is operationally
> > > complex.  Most SIP operators are not currently very interested in
> > > the overhead of this method, and getting root certificates is
> > > considered administratively complex as it requires paperwork from
> > > other portions of the organization in many cases.

I posted to the asterisk security list the other day asking about 
opportunistic encryption for SIP/IAX, similar to SMTP-TLS, which is 
surprisingly wide spread considering nothing is mandated by anyone. One 
of the other hobbies I started was CAcert.org and the level of entry 
(and more importantly cost) for identity certificates is fairly low and 
both ways may overcome the bigger problem long term especially if 
something can be done sooner or later.

This doesn't cover the problem of CID spoofing on existing phone numbers 
specifically, this might be a suitable solution if you added an 
additional OID in certificates to include valid phone numbers, I haven't 
really considered this option although it's probably more suitable then 
SPF since the end point could do the verification rather then SIP 
servers (although the sip server could also I guess).

--

Best regards,
 Duane