What's wrong with standards? Just stick with SIP/RTP based phones (and you can use Asterisk on OpenBSD for voicemail service and other features) and IPsec for security. If it's impractical to use IPsec for some types of users or most, for whatever reason, then you have to consider what the implications are. Skype claims to use a 256 bit AES based encryption algorithm but since they don't talk about how it works, nobody can verify that it's much harder to determine if it's implemented correctly, not to mention the fact that you involve their network and servers.
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: > i searched the archives for messages about skype, but i didn't find anything > that addressed whether the skype service is safe or not. i did a google for > "skype security" and one of the first links talks about a couple serious > exploits of skype and the "glowing" (a.k.a. sponsored) review from dr. berson, > http://www.theregister.co.uk/2005/11/07/skype_vuln_analysis/ . > > i am very interested to hear what ppl on this list think about skype and its > security. i am very much disinclined to use such a product for encrypted VOIP > due to it being closed-source. are there any nice alternatives to this besides > using VOIP over a VPN? > > i think that encrypted VOIP would be a really nice thing to have in the > openbsd > base OS (due to the security of such an application being very important to > its > utility), but i suspect that the issue of standards is complicating. not to > mention that those of the "shut up and code" orientation will tell me just > that ;). > > cheers, > jake -- "You were about to change the channel when God healed you" -- Benny Hinn
