North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Vonage complains about VoIP-blocking

  • From: Thor Lancelot Simon
  • Date: Tue Feb 15 14:09:42 2005

On Tue, Feb 15, 2005 at 01:45:05PM -0500, Eric Gauthier wrote:
> > > On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
> > >> How is this any different then blocking port 25 or managing the bandwidth
> > >> certain applications use.
> Something else to consider.  We block TFTP at our border for security reasons 
> and we've found that this prevents Vonage from working.  Would this mean that 
> LEC's can't block TFTP?

This is a significant issue.  Vonage is complaining about what are
purportedly deliberate actions to block their service, while at the
same time trying to sweep under the rug that *they have chosen to
provide their service using insecure protocols that some carriers
might quite reasonably choose to filter*.

If their -- centrally-provided: everything is forced through their SIP
proxy anyway, resulting in a voice network architecture that really
looks like a giant corporate VoIP PBX -- service were actually properly
resistant to tampering and random-adversary eavesdropping, it would
*also* have the property that it were opaque to intermediate networks:
providers blocking SSL or ESP to Vonage's proxies would _clearly_ have
no motivation to do so save interference with Vonage service.

It is my general impression of Vonage that they are very, very savvy
about gaming what they percieve as the regulatory trend at the Federal
level in an attempt to cut technical corners and thus grow their
service faster than they could if they consistently did things "right".
The history of their many, many wiggles on 911 access shows this pretty
obviously, I think, and here I believe we have another case: they want
to try to get regulatory agencies or the courts to force intermediate
networks to let their packets through (by claiming all such filtering
_must_ be deliberate) rather than actually doing what, on technical
grounds, they ought to do anyway, and provide real security to their

It is understandable, and probably a viable economic and political
strategy, but that doesn't really make it right.  It behooves those
of us who understand the actual underlying technical issues (e.g.
telco routing and human factors issues with Vonage's so-called 911
service; man-in-the-middle and eavesdropping issues with Vonage's
totally unsecured TFTP boot and SIP services from each ATA) to do
our best to point them out, so that, if possible, coercive regulatory
decisions are not made on the basis of smoke and mirrors.