Microsoft files EU Android complaint

James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Fri Apr 12 20:21:21 UTC 2013


D. Hugh Redelmeier wrote:
> In any case, because it was closed and undisclosed, nobody could be
> sure of anything good.  Which means one should assume the worst.
>
> (Encryption is technically easy but authentication is where all the
> challenges are.  Authentication is the weakest link.  Without
> authentication, encryption is useless against man-in-the-middle
> attacks.  I don't know a darned thing about Skype authentication.)

If you're really concerned, use a VPN.

> The SIP infrastructure is a bit weak.  It isn't conventional to have
> end-to-end encryption and I don't know of universally accepted
> protocols for negotiating encrypted links.  Furthermore, dealing with
> NAT has gotten middlemen involved in each call.
>
> Quality of Service with SIP hasn't been that great in my experience.
> Skype is reputed to be better.

The quality of SIP, as with Skype and other real time voice/video 
services depends on the quality of your connection.  The public Internet 
is generally good enough, but to provide consistent good quality, you 
need QoS.  I have VoIP from Rogers for my home phone and it's actually 
better quality than I used to get from Bell.  But then, Rogers controls 
their network and can provide appropriate QoS.  MPLS is one means of 
providing QoS over a public network.

>
> Finally, one strength of SIP has been that ITSPs can offer you "DID"s
> (plain old phone numbers).  But that forces middlemen on you for
> those calls.
Actually, with 100% VoIP calls, the provider is only used for setting up 
the call.  Once that happens, they drop out and communications is direct 
end to end.  Of course, the provider is still needed if you're calling a 
POTS phone. to convert from VoIP to the traditional phone network.

> I don't want my communications to be "owned" by a company, especially
> one that is a sole provider.  Especially one that makes its living
> selling user profiles to advertisers.
>
> Even if all your "content" is end-to-end encrypted, traffic analysis
> is a powerful surveillance tool.  This is the equivalent to "pen
> register" for phone surveillance

How is that any different from the traditional phone network?  If 
anything VoIP calls are harder for them to deal with.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list