Hi Damien, > > 2.) relying on FWD is bad, we could and should use E164.org and > > E164.arpa for unified numbers, those are the official ones. Adding a FWD > > account on top of seconix is a "nice to have", but nothing more. > > > > not sure about this one, but it will be possible to specify his e164 > number for people who have one independantly of GM. sure. I was just supporting the point that we shouldn't rely on services that may turn out like pwcx or microtelco. Better run things on our own so we can tweak 'em to what *WE* want them to be. If it's a matter of hosting power, just let me know and i'll try to make something up. > > 3.) making ILS be completely removed is a controversial issue, as i'm > > not fully sure what professionals use it for with NetMeeting. We > > definitely need a Win32 fully fledged GM (or have a more popular > > OpenPhone/MyPhone) before making this step. > > Netmeeting is dead, H.323 people are using gatekeepers (+ LDAP > soemtimes), not ILS. Was just reminding that we shouldn't drop the focus on Win32. That is and will be a relevant platform for a company-wide VoIP infrastructure. So whatever GM future plans are, either of OpenPhone, MyPhone or GM/win32 should be able to connect to that infrastructure. > > > > 4.) we should keep in mind that SIP shall be passing new NAT technology > > easily within a hopefully decent amount of time. > > > > That's still to be proven. If SIP is going through NAT using RTP, then > there is no technical reason why H.323 wouldn't go through NAT either, > except if SIP replaces RTP by something else. Totally right. All i said was "shall" and i mean it. There has been an announcement that things need improvement and i hope it'll come one day. Yet you're totally right that SIP and H323 have the exact same problem and thus will be easy to be put working together if one of them is. However as the announcement was referring to SIP, i also did. That's all why. > > 5.) while all this discussion about how to technically ease things is > > going on.. has anybody looked into S/RTP or any SSL/TLS security for > > VoIP again? Have you been considering using TLS connections for the new > > LDAP? I think we should do that as passwords are by all means protection > > worthy. > > > > No me at least, I've gone in several companies and LDAP servers are > usually public inside those companies => no password to be able to > consult. I'm not that worried about company-intranet-stuff. More my focus was the user-registration to seconix and its updates which should be protected where possible (and TLS-LDAP is available). The other point was the VoIP connection itself. We should start over on seeing the business-part of H323/SIP which contains more than a "hi darling, i'm 10 min late for dinner", but real business contracts. If we want to play in the league of trustworthy connections and secured reliable telephones, we need some protection. I know S/RTP isn't the only way of doing this, but pushing it all off to IPsec & Co should be reconsidered every now and then. Loads of people are using https together with ssh-tunneling as "poor-man's-vpn", maybe we can offer them a TLS-encrpted H323 too. (Just reminding there's loads of lame netadmins out there, who have no idea how to setup VPN properly. Apart from that a VPN doesn't ensure traffic contents, it only makes it more reliable. Fake content will thus be transported in a more secure manner. Maybe some x509 PKI or something is possible to provide a means to safely identify a client.) -- Best regards, Kilian
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil