Written by: Martin
07.04.2008 18:05

SwyxWare v7.0 is supposed to support voice data encryption. Today we had a discussion about whether and how to show a SwyxIt! user whether the audio data is encrypted. We plan three modes of operation an administrator can choose for a SwyxWare installation: forbid encryption, let the client decide, and only allow encrypted connections.

When two SwyxIt! users talk to each other, the voice data can be encrypted between both applications. That connection could easily be shown as encrypted. But what if a SwyxIt user talks to someone connected via SwyxGate and ISDN? The voice data would be encrypted between SwyxIt and SwyxGate, but in the ISDN network the data is not encrypted. The same would be true for calls via LinkManager. Even if a SIP provider supported encryption, which is probably very rare right now, we cannot know if the encryption is end-to-end. Should SwyxIt show such a connection as encrypted? The same goes for connections via Mobile Extension Manager. The part in the LAN could be encrypted, but the GSM part would not.

The problem is even more complicated. Even with two SwyxIt clients the voice data could be sniffed by malware installed on one of the PCs. SwyxWare cannot know that. Should we display the connection as encrypted anyway?

The most important question here is:

What would a SwyxIt user expect when there's some kind of encryption symbol shown on the user interface similar to the lock symbol in a browser?

Most users do not have knowledge about the inner workings and how the data is transmitted. How would they interpret such a symbol? During the discussion a colleague suggested not showing any encryption symbol at all. Personally, I tend more and more toward that approach. The discussion is not finished. If you have an opinion, please let me know and leave a comment.
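The call paths described in the post, modeled per leg to show why a single lock symbol loses information. This is an added example, not part of the original post and not SwyxWare code; the `Leg` and `Indicator` names, the four-state scheme and the sample paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Indicator(Enum):
    NONE = "no leg known to be encrypted"
    PARTIAL = "encrypted on some legs, plaintext on others"
    UNKNOWN = "encrypted as far as observable, remainder not visible"
    ALL_LEGS = "every media leg encrypted"


@dataclass(frozen=True)
class Leg:
    src: str
    dst: str
    encrypted: Optional[bool]  # None: the PBX cannot observe this leg


def classify(legs: List[Leg]) -> Indicator:
    """Collapse per-leg media protection into one honest call state."""
    states = [leg.encrypted for leg in legs]
    if not any(s is True for s in states):
        return Indicator.NONE
    if any(s is False for s in states):
        return Indicator.PARTIAL
    if any(s is None for s in states):
        return Indicator.UNKNOWN
    return Indicator.ALL_LEGS


def first_unprotected(legs: List[Leg]) -> Optional[Leg]:
    """First leg where protection ends or can no longer be verified."""
    return next((leg for leg in legs if leg.encrypted is not True), None)


# Constructed call paths following the scenarios in the post.
CALLS = {
    "SwyxIt! to SwyxIt!": [Leg("SwyxIt! A", "SwyxIt! B", True)],
    "via SwyxGate": [Leg("SwyxIt!", "SwyxGate", True),
                     Leg("SwyxGate", "ISDN", False)],
    "via LinkManager": [Leg("SwyxIt!", "LinkManager", True),
                        Leg("LinkManager", "SIP provider", True),
                        Leg("SIP provider", "callee", None)],
    "via Mobile Extension Manager": [Leg("SwyxIt!", "Mobile Extension Manager", True),
                                     Leg("Mobile Extension Manager", "GSM", False)],
}

if __name__ == "__main__":
    for name, legs in CALLS.items():
        gap = first_unprotected(legs)
        where = f"{gap.src} -> {gap.dst}" if gap else "none"
        print(f"{name}: {classify(legs).value} (first gap: {where})")
```

Even `ALL_LEGS` only describes transport between the endpoints; malware on either PC, as the post notes, is outside what this state can express.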


3 comment(s) so far...

Re: Secure or not secure?

When SwyxWare supports encryption I think it will be necessary to show a secure / not secure conversation in some way. Why? Not because of the end user, but because of the admin. In the time to come questions about VoIP and security will surface. To make sure admins are confident about security and SwyxWare you need to indicate when a call is secured or not. The best parallel to this I think will be HTTP/HTTPS. What does that tell the user? HTTPS will be encryption between the client (browser) and the server. But it does not mean that the connection from that server to backend systems like a database or filesystem is encrypted. I think you should focus on what SwyxWare does, that is your product. If you have encryption between the client and server you have done your 'job'. Of course the prerequisites of an encrypted connection need to be documented.

By morten.rokosz on  07.04.2008 18:35

Re: Secure or not secure?

The analogy to HTTP/HTTPS does not completely fit. You're right that a user who sees the lock symbol in his browser assumes that the connection between his browser and the web server is encrypted. He has probably no idea how this information is secured after it reaches the website. Most users implicitly assume that they stay secure on the server side. But if user A talks to User B using a SwyxIt! showing "connection is encrypted", I'm pretty sure that A would assume that his connection to B is encrypted, even if B is an external user called via SwyxGate and ISDN. It's about user expectations.

I agree however, that we should have an indicator for administrators, e.g. in the active calls list in SwyxWare Administration.

There's another aspect I've not yet mentioned. Voice data (RTP) will be encrypted using the standard SRTP protocol. But we will not have call control encryption in the first version, i.e. the SIP messages to establish a call will be unencrypted. The encryption key exchange (MIKEY protocol) inside the SIP messages will always be encrypted, of course, but normal call control messages like INVITE are not. But would an end-user know the difference? What does he or she think when SwyxIt shows an encryption symbol? Is it really enough to document the meaning of such a symbol in the manual?

I'm looking forward to more opinions. Everything I get will be mentioned in our internal discussion, of course. And eventually I'll post the result.

By Martin on  07.04.2008 21:13

Re: Secure or not secure?

User A talking to user B will always be an internal call. Internal calls peers and both UAs need to support encryption. As they will if both are SwyxIt!. If A is SwyxIt! and B is SwyxPhone you will not have encryption and no encryption symbol will be used. Since SwyxWare is a PBX type of system, all external calls will be from User (internal) to other device using some kind of trunking. If I call an external user on a SIP Trunk service, does my internal user on SwyxWare peer with the end user? Or is it the LinkManager peering with the provider softswitch? I think some kind of identification in Active Calls will be sufficient, that's the place for Admins to look. The average user will not care about this I think. If you asked one today, they would probably think their call is 'secure' already.

By morten.rokosz on  08.04.2008 07:32
