[SIP Beyond VoIP] Sylkserver Participant Management

Adrian Georgescu ag at ag-projects.com
Tue Jul 16 13:23:00 CEST 2013


There are many successful projects out there based on the idea of unguessable URIs. The TAHOE file system, for example, is a completely distributed FS with no management. Your client is the only one that knows the URIs. If your device is compromised, of course, that is a completely different matter. Microsoft can also listen to your Skype calls as they have access to both the client and the server.

Basically, we implemented enough anonymity and privacy in SylkServer for those who care for almost zero cost. Beyond this, any management scheme requires some serious development.

Adrian

On Jul 16, 2013, at 1:13 PM, Michael Procter <michael at voip.co.uk> wrote:

> Yes.  A randomly generated room name is reasonably safe against
> guessing, assuming a long enough and random enough name.  That isn't
> my point.
> 
> My point is that protecting against guessing, whilst useful, is not
> the only concern.  I gave an example of a simple mechanism to learn
> the room name, which will work in most enterprise-like environments.
> In particular, devices in those environments are quite likely to both
> implement the dialog event package and also permit all subscriptions
> to be honoured, since many assume that "the PBX" will look after
> security.
> 
> I am not suggesting that a more sophisticated conference admissions
> check needs to be implemented urgently, simply that you shouldn't rule
> it out based on the idea that long random names are unguessable and
> therefore secure!
> 
> Michael
> 
> On 16 July 2013 12:04, Adrian Georgescu <ag at ag-projects.com> wrote:
>> Secondly, this is not guessing. This is when someone gave you this information either by accident or on purpose.
>> 
>> I challenge you to guess which conference server and room I am connected to right now.
>> 
>> Where do you start solving this when you are some random bot over the Internet, what logic do you apply when you have no information at all? Start counting from 1 to infinity and probe all IP addresses in the universe?
>> 
>> Adrian
>> 
>> 
>> On Jul 16, 2013, at 12:50 PM, Michael Procter <michael at voip.co.uk> wrote:
>> 
>>> On 16 July 2013 11:35, Adrian Georgescu <ag at ag-projects.com> wrote:
>>>> How do you try in a sequence a random string?
>>>> 
>>>> wfewbehuwgr3uruo3pi503957823bc56 at conference.sip2sip.info
>>>> 
>>>> is a valid room.
>>>> 
>>>> How do you guess it?
>>> 
>>> SUBSCRIBE to the dialog event package on a device that has joined the
>>> conference.  Not all devices support it, but quite a few do.
>>> 
>>> Michael
>>> 
>> 
> 
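The exposure discussed in this thread, seen from the notifier's side, as an added example that is not code from the thread's participants or from SylkServer: a dialog event package (RFC 4235) notification names the remote party of each call, so a device that honours every subscription hands the room URI to any watcher. The sample document, the allow-list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:dialog-info"
ET.register_namespace("", NS)

# Constructed sample: dialog-info body of a device that has joined a room.
SAMPLE_NOTIFY_BODY = """<dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info"
    version="1" state="full" entity="sip:alice@example.com">
  <dialog id="d1" call-id="c1@example.com" direction="initiator">
    <state>confirmed</state>
    <local><identity>sip:alice@example.com</identity></local>
    <remote>
      <identity>sip:constructed-room-name@conference.example.com</identity>
      <target uri="sip:constructed-room-name@conference.example.com"/>
    </remote>
  </dialog>
</dialog-info>"""

# Hypothetical policy: only these watchers may see who the device is talking to.
AUTHORIZED_WATCHERS = {"sip:pbx@example.com"}

def remote_uris(body):
    """Return every remote-party URI a watcher could read from the document."""
    uris = []
    for remote in ET.fromstring(body).iter(f"{{{NS}}}remote"):
        identity = remote.find(f"{{{NS}}}identity")
        target = remote.find(f"{{{NS}}}target")
        if identity is not None and identity.text:
            uris.append(identity.text.strip())
        if target is not None and target.get("uri"):
            uris.append(target.get("uri"))
    return uris

def filter_for_watcher(body, watcher):
    """Strip remote-party and dialog identifiers unless the watcher is authorized."""
    if watcher in AUTHORIZED_WATCHERS:
        return body
    root = ET.fromstring(body)
    for dialog in root.iter(f"{{{NS}}}dialog"):
        for remote in dialog.findall(f"{{{NS}}}remote"):
            dialog.remove(remote)
        for attr in ("call-id", "local-tag", "remote-tag"):
            dialog.attrib.pop(attr, None)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("unfiltered:", remote_uris(SAMPLE_NOTIFY_BODY))
    print("filtered:  ", remote_uris(filter_for_watcher(SAMPLE_NOTIFY_BODY, "sip:unknown@example.net")))
```

The same `remote_uris` check can be run over captured NOTIFY bodies from a test subscription to audit which devices on a network disclose the room they have joined.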


