[governance] What Will Happen [@ NARALO/ALAC/CCNSO?]

Karl Auerbach karl at cavebear.com
Sun Dec 16 21:53:04 EST 2007 

yehudakatz at mailinator.com wrote:
> Found an older article that explains Nuestar's stratgies:
> http://www.webwereld.nl/articles/41063/neustar-ceo-touts-dns-voip-plans.html
> 
> NeuStar CEO touts DNS, VOIP plans

> What is the status of SIP-IX here in the United States? 
> SIP is going to be to the Internet what Signaling System 7 [SS7] has been to
> the voice world.

Take care when reading the hype about SIP.  SIP may well become one of 
the failures in the world of internet protocols.

SIP, which was intended to be a reaction to the complexity of H.323, has 
become hyper-complex mish-mosh of good ideas, middling ideas, and 
downright dumb ideas.  It uses just about every encoding system under 
the sun except EBCDIC - it uses a large dollop of SMTP blended with a 
ladle of HTTP with a touch of SDP and a recent addition of XML.  It's 
the internet protocol equivalent of a camel - a racehorse designed by a 
committee.  In SIP there are often several ways of expressing the same 
thing, and when I say "several ways" the combinatorics are such that the 
same call setup could be expressed in literally millions of different 
ways.  SIP is being used not as a foundation for phone calls, rather 
there are two or three internet drafts a week extending SIP into things 
that have only the most tenuous relationship with phone calls - like 
calendaring or sharing text.

SIP calls to mind the the Vasa - the museum is worth a visit if you are 
ever in Stockholm.  http://en.wikipedia.org/wiki/Vasa_(ship) - the Vasa 
was a ship that was extended so far beyond its original design 
constraints and ended up sinking, in year 1628, in a mild breeze on its 
maiden voyage across the harbour in Stockholm.

Knocking SIP implementations off the air is trivially simple.  I 
remember at one SIP interoperability even when someone said "My SIP 
stack is implemented in Python, it's impregnable".  So I just sent it a 
call request with a length field with a leading zero.  Python 
interpreted it as an octal number, and his stack ended up emitting a 
Python stack traceback.  Many SIP implementations died a horrible death 
when I sent 'em calls containing URI's with trailing dots at the end of 
the domain name part of the called URI - perfectly legal according to 
the SIP specifications.

Last spring at the Interop Labs in Las Vegas I did a demo in which I 
injected a third party voice into an existing call.  And I wasn't even 
in a "man in the middle position" where I could have potentially done 
really nasty things like deleting every instance of the word "no" (a 
difficult recognition task, but not impossible, especially if the 
caller's voice has been heard and previously analyzed and characterized.)

SIP is not well constrained and implementations may tend to crumble when 
most needed.  SIP is such that devices that work today may readily, and 
from my experience are likely to, fail when called or when calling 
future SIP implementations.

There's a lot of cool and useful stuff out there with SIP.  I have a 
pile of SIP phones at home and at work, I run several interconnected 
Asterisk servers, and I'm connected to the PSTN via a couple of 
SIP<->PSTN providers.  But SIP is something that is to be taken with a 
large grain of salt (an English idiom meaning that the thing should be 
viewed with skepticism and used with care and with the expectation that 
it won't work correctly.)

		--karl--

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list