[Standards-JIG] Jingle vs. Zoep

Jean-Louis Seguineau jean-louis.seguineau at laposte.net
Tue Feb 14 08:38:55 UTC 2006


No doubt these are definitely serious concerns. But in all fairness, we
are here to discuss the merits of two different approaches from a protocol
standpoint. The people on the Zoep's side have been trying to bring
relevant information to the list to allow us to make an informed decision.

IMHO, just stating a list of concerns is not fair, if not considered in
context, and illustrated with examples. I must be a little stupid, because I
cannot figure out how some of the 7 points may apply when taken in the
context of Zoep, sorry. 
Peter, your legitimate objections would gain greater weight and
consideration if you were to give examples of where these concerns apply in
the context of Zoep. You always advocate examples as very important, and I
will be the last to deny their usefulness. Without examples, this 7-point list
will only resemble common marketing BS you can read here and there. This is
not what we want, is it?

And may I also suggest differentiating between the p2p (XMPP only tunnel)
and the pc-pstn (XMPP/SIP/POTS gateway) context.

P.S. I also believe this same explanation would have to be done for the
Jingle side. But we already have a framework shaping up to compare the two
technologies, don't we?

-----Original Message-----
Message: 2
Date: Mon, 13 Feb 2006 16:35:30 -0700
From: Peter Saint-Andre <stpeter at jabber.org>
Subject: Re: [Standards-JIG] Jingle vs. Zoep
To: Jabber protocol discussion list <standards-jig at jabber.org>
Message-ID: <43F117C2.5070906 at jabber.org>
Content-Type: text/plain; charset="iso-8859-1"

dirk.griffioen at voipster.com wrote:

>>>> as
>>>> secure as both XMPP and SIP are.
>>>>     
> 
> SIP is secure? Authentication is OPTIONAL. From addresses are not
> validated and checked. Interdomain communications ("federation") is
> still a mess. Sure you can use sips: URIs (forcing TCP and TLS) but most
> implementations out there will still use the old sip: URIs (UDP, no
> TLS). It's like Jabber in the jabberd 1.0 days (1999-2000) when we
> didn't have dialback.
> 
>   
>> Does jabber then validate 'from' - in a way more than syntactically
>> checking if things are ok? Maybe I am missing the point, but why is this
>> so important? 

Makes it relatively easy to do the following:

1. Send unsolicited communications.

2. Launch deregistration attacks.

3. Perform call flooding.

4. Terminate calls from a third party.

5. Hijack sessions.

6. Perform unauthorized call transfers.

7. Register unauthorized devices.

And yes I consider those fairly serious.

Peter




