Aswath Weblog

P2P, SIP and Security

For the past couple of days, Erik has posted discussions on SIP based P2P and security issues. These discussions are in audio format and are really interviews with Cullen Jennings, Rohan Mahy and Erik’s interview to Voxilla. The following is a quick summary and my thoughts. But it is different to summarize an audio portion compare to a written one – it is easier to go back to a written page; it is easier to search for a segment. This is to suggest that I might not have fully got the points made by the speakers. If you have not already heard these pieces, you may do well to give a listen.

Erik and Cullen talk about an ad-hoc meeting of people interested in SIP based P2P system at the recent IETF meeting. It really looks like this meeting was a big “tent” because it included people who are interested in this technology for different applications. Cullen specifically describes three groups:

1. The first group is interested in establishing a communication system in a “mesh” or “ad-hoc” network environment. This technology is being evaluated by defense departments and emergency response organizations. The idea is that each individual will have a wireless device that is capable of communicating with other devices in the vicinity. These devices will use P2P mechanism. Given the critical nature, it is imperative that there be an industry standard. If you recall during 9/11, two incompatible radio systems further imperiled the heros of the first responders in New York city. So I hope companies like Motorola participate in this standards process and the emergency organizations insist on industry wide standards compliance.
2. The second group is interested in storing data in a distributed manner without requiring central servers. But Cullen points out that the data need to be stored in multiple places, but it is not clear how much redundancy is sufficient. He says this is an open question. I, on he other hand, feel that no number will be enough. Usually people come up with a number based on the assumption that the probability that one storage device will not be available is independent of the status of others. But this assumption will not be valid. It is interesting to note that Skype voice mail is not stored in a centralized server and does not use a P2P scheme.
3. The third group is bent upon recreating Skype but using an open and standard mechanism. It looks like a response born out of bravado or envy. After all Skype claimed derisively that SIP is not upto the task of P2P and so somebody has to show it. But what is being missed by this group is that there are no good reasons for creating a P2P communications system. Take a look at the comment posted by David Barrett.There is a material advantage in Skype being a closed system. It is not apparent that owners of supernodes may be able to discern the calling patterns of other users. But it is not clear how an open system based on SIP can provide similar protection.