[Standards-JIG] Jingle vs. Zoep

dirk.griffioen@voipster.com dgriffioen at voipster.com
Wed Feb 15 23:08:07 UTC 2006


Jean-Louis Seguineau wrote:

>No doubt these are definitively serious concerns. But in all fairness, we
>are here to discuss the merits of two different approaches from a protocol
>stand point. The people on the Zoep's side have been trying to bring
>relevant information to the list to allow us to make an informed decision.
>
>  
>
Besides this mailing list, is there anything I can do to help here? 
Maybe start a wiki page with a comparison matrix of some sorts?

>IMHO, just stating a list of concerns is not fair, if not considered in
>context, and illustrated with examples. I must be a little stupid, because I
>cannot figure out how some of the 7 points may apply when taken in the
>context of Zoep, sorry. 
>  
>
I would agree.

>Peter, your legitimate objections would gain greater weight and
>consideration if you were to give examples of where these concerns apply in
>the context of Zoep. You always advocate examples as very important, and I
>will be last to deny their usefulness. Without examples, this 7 points list
>will only resemble common marketing BS you can read here and there. This is
>not what we want, do we?
>
>And may I also suggest differentiating between the p2p (XMPP only tunnel)
>and the pc-pstn (XMPP/SIP/POTS gateway) context.
>
>  
>
You may, I have been trying to accentuate this.

>P.S. I also believe this same explanation would have to be done for the
>Jingle side. But we already have a framework shaping up to compare the two
>technologies, don't we?
>
>-----Original Message-----
>Message: 2
>Date: Mon, 13 Feb 2006 16:35:30 -0700
>From: Peter Saint-Andre <stpeter at jabber.org>
>Subject: Re: [Standards-JIG] Jingle vs. Zoep
>To: Jabber protocol discussion list <standards-jig at jabber.org>
>Message-ID: <43F117C2.5070906 at jabber.org>
>Content-Type: text/plain; charset="iso-8859-1"
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>dirk.griffioen at voipster.com wrote:
>
>  
>
>>>>>as
>>>>>secure as both XMPP and SIP are.
>>>>>    
>>>>>          
>>>>>
>>SIP is secure? Authentication is OPTIONAL. From addresses are not
>>validated and checked. Interdomain communications ("federation") is
>>still a mess. Sure you can use sips: URIs (forcing TCP and TLS) but most
>>implementations out there will still use the old sip: URIs (UDP, no
>>TLS). It's like Jabber in the jabberd 1.0 days (1999-2000) when we
>>didn't have dialback.
>>
>>  
>>    
>>
>>>Does jabber then validate 'from' - in a way more than syntactically
>>>checking if things are ok? Maybe I am missing the point, but why is this
>>>so important? 
>>>      
>>>
>
>Makes it relatively to do the following:
>
>1. Send unsolicited communications.
>
>2. Launch deregistration attacks.
>
>3. Perform call flooding.
>
>4. Terminate calls from a third party.
>
>5. Hijack sessions.
>
>6. Perform unauthorized call transfers.
>
>7. Register unauthorized devices.
>
>And yes I consider those fairly serious.
>
>Peter
>
>
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060216/308a68a6/attachment.html>


More information about the Standards mailing list