Does anyone know a list of VoIP providers in Switzerland who can port in a number block?
I'm looking for one which supports SIPS (via TLS) and SRTP and can do trunking to a PABX of my choice. The big guys only support their own certified crap and the small ones don't support privacy required features which changed post Snowden from "want to have" to "absolutely mandatory" feature.
Andreas Fink DataCell ehf, Backbone ehf, Cajutel Inc, Alisanus GmbH ------------------------------------------------------------------ c/o Alisanus GmbH Clarastreasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org mailto:andreas@fink.org https:// https://www.fink.org/www.fink.org https://www.fink.org/ Mobile: +41-78-6677333 Office: +41 61 6666330 Skype: andreasfink Jabber/XMPP: andreas@fink.org mailto:andreas@fink.org ICQ: 8239353 ------------------------------------------------------------------
as far as I know, none of big ITSP's support encryption. Anyway it would be an encryption till the provider edge, but not further.
but you can set up a gateway in the cloud which would terminate your encrypted voice traffic. This gateway could be placed close to the ITSP network, or even have a direct link to them.
But in general, it's easier not to use telephone for anything that could be used against you :-))
On Tue, Jan 19, 2016 at 4:40 PM, Andreas Fink afink@list.fink.org wrote:
Does anyone know a list of VoIP providers in Switzerland who can port in a number block?
I'm looking for one which supports SIPS (via TLS) and SRTP and can do trunking to a PABX of my choice. The big guys only support their own certified crap and the small ones don't support privacy required features which changed post Snowden from "want to have" to "absolutely mandatory" feature.
Andreas Fink DataCell ehf, Backbone ehf, Cajutel Inc, Alisanus GmbH
c/o Alisanus GmbH Clarastreasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org https://www.fink.org Mobile: +41-78-6677333 Office: +41 61 6666330 Skype: andreasfink Jabber/XMPP: andreas@fink.org ICQ: 8239353
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Maybe they even would resist to provide encryption due the bigger effort to confirm Buepf-x but who cares about encryption on one end when the other end is open (PSTN/other ISP/Client) Encryption with man in the middle is futile or at least need a lot of trust.
My five cent...
On 19/01/2016 12:02, Stanislav Sinyagin wrote:
as far as I know, none of big ITSP's support encryption. Anyway it would be an encryption till the provider edge, but not further.
but you can set up a gateway in the cloud which would terminate your encrypted voice traffic. This gateway could be placed close to the ITSP network, or even have a direct link to them.
But in general, it's easier not to use telephone for anything that could be used against you :-))
On Tue, Jan 19, 2016 at 4:40 PM, Andreas Fink afink@list.fink.org wrote:
Does anyone know a list of VoIP providers in Switzerland who can port in a number block?
I'm looking for one which supports SIPS (via TLS) and SRTP and can do trunking to a PABX of my choice. The big guys only support their own certified crap and the small ones don't support privacy required features which changed post Snowden from "want to have" to "absolutely mandatory" feature.
Andreas Fink DataCell ehf, Backbone ehf, Cajutel Inc, Alisanus GmbH
c/o Alisanus GmbH Clarastreasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org https://www.fink.org Mobile: +41-78-6677333 Office: +41 61 6666330 Skype: andreasfink Jabber/XMPP: andreas@fink.org ICQ: 8239353
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Gentlemen,
First and foremost, speaking from personal experience, one advantage of SIP via TLS is that >99% of all unsolicited and unwanted requests I observe daily come in as plain SIP on port 5060. (Yes, changing the port would be a similarly effective mitigation against these, but why do we have well-known ports in the first place?)
On the encryption issue... It is simply best practice to not expose data unnecessarily. It is already an achievement that slowly the adoption of meta data and transport encryption is happening in the voice world. As always, you have to start from somewhere to work towards a goal. Reducing the data exposure down to only state mandated and (hopefully) supervised Lawful Interception is a goal that is worthwhile to pursue within the concept of the PSTN. Moving everything from private lines to the public internet is a recipe for disaster.
After all, rudimentary support for encryption is one of the few things that can be counted as an improvement when migrating from ISDN to VoIP.
That said, of course the security provided with SIP+TLS+SRTP in the end is debatable. I haven't yet seen any use of certificate pinning in SIP trunks :-) Generally I would not communicate sensitive information over the PSTN or infrastructure in general, where I don't know and trust all of the parties that have access to it.
Cheers, Michael
-
Andreas Fink -
Michael Horn -
Roger -
Stanislav Sinyagin