[p2p-hackers] Is P2P SIP Poised to Out-Hype Skype? (Voxilla)

David Barrett dbarrett at quinthar.com
Mon Aug 22 09:23:23 UTC 2005 

Yes, you are right.  I didn't mean to dispute the possible 
security/privacy/law-evading advantages of a pure-decentralized solution 
for extreme users.

I mearly meant to question the practical advantages for the 
ultra-majority of real-world users who are not in disaster zones, 
deserts, evading law enforcement, at risk of corporate espionage, 
participating in organized crime or terrorist cells, freedom fighting, 
politically agitating, or otherwise overtly distrustful of the powers 
that be.

After all, current telephones have virtually no security, but are widely 
popular with literally billions of users.  I'd rather the IETF focus on 
the billions of mainstream users (simplifying the use of federated SIP 
servers based on DNS records, just like email), who have rather uniform 
and simple needs, than get caught up worrying too much about the diverse 
and complex needs of the hard-core fringe.

In the end, the hard-core fringe will certainly take care of itself, for 
better and for worse, and probably by those who don't give a damn what 
the IETF thinks.

For example, you rightly pointed out the difficulty of getting SIP to 
work in NAT'd environments.  I'd prefer the IETF:

- Put more weight behind its BEHAVE recommedations, as well as
- Totally rethink/simplify/unify the STUN/TURN/ICE standards (possibly 
just create a SIP 2 standard that iterates on the whole protocol suite 
into one integrated, stramlined whole),

Before addressing the nonexistent need for a new P2P SIP standard.  The 
IETF can't do everything, so I want it to focus on what brings the 
greatest joy to the greatest number.


Anyway, with all that said, you mentioned NAPTR isn't widely deployed.  
I don't know much about it, but I do know SIP was envisioned to use it 
for looking up the proxy that manages a given SIP address (just like 
looking up the email server for an email address).  What can be done to 
accelerate its spread, or compensate for its absence?

-david

On Sun, 21 Aug 2005 7:52 pm, Enzo Michelangeli wrote:
> Well, you say that VoIP is not illegal. A lot of thing used not to be, 
> and
> were criminalized by statute; some, like encryption for the masses,
> managed to escape only because it was too late to enforce prohibition. 
> And
> in some countries, VoIP _is_, or may become, illegal, either for 
> political
> reasons (especially secure VoIP: ever heard of CALEA?) or just to 
> protect
> inefficient government monopolies (see e.g.
> http://www.techweb.com/wire/networking/60403862 ). In the end,
> unenforceability is Liberty's best friend.
>
> And then, there is the issue of ease of use: centralized solutions need 
> a
> multiplicity of providers, because nobody wants to see a FWD or 
> Sipphone
> close down or go commercial and start charging annual fees. But 
> multiple
> providers means multiple accounts, and, often, balkanized user bases
> unable to cross provider borders (as each provider likes to protect its
> flock from other shepherds -- or, with a probably more fitting 
> metaphor,
> its harem from other sultans ;-) ). This results in complications in 
> the
> setup and smallish user communities. The proof of the pudding is in the
> making: Skype, despite being far from ideal in terms of openness,
> certifiable security and interoperability, has 50 million users. How 
> many
> do FWD or Sipphone have?
>
> Actually, a system of centralized but open and interoperable telephone
> directories (based on the DNS) already exists, and it's called ENUM:
> essentially it allows to convert an E.164 telephone number into a (SIP,
> IAX, H.323...) URI. There is at least one independent and free 
> registrar
> offering ENUM service to the public: www.e164.org . Due to the 
> distributed
> caching operated by the DNS, the load on the actual registrar is quite
> small, further reducing its operating costs (it's like running a
> conventional authoritative DNS server). However, the DNS is by itself
> vulnerable to attacks: in Mainland China, for example, all the DNS 
> queries
> to foreign servers are transparently rerouted to internal servers that
> return answers with random RR's if the domain name is blacklisted (I've
> recently had to abandon em.no-ip.com because all the subdomains of
> no-ip.com were blacklisted, and so are dyndns.org's). A really robust
> directory service must be fully distributed (e.g., DHT based) and
> port-flexible, rather than relying upon well-known ports. Grafting 
> these
> characteristics over a DNS-based mechanism is also possible, although 
> not
> very convenient for non-technical users: see e.g. my namecache daemon
> (http://kadc.sourceforge.net/apps.html#namecache ), which however is
> presently limited to A records, and can't yet handle the NAPTR records
> used by ENUM.
>
> Cheers --
>
> Enzo
>
> P.S.
>
>
> ----- Original Message -----
> From: "David Barrett" <dbarrett at quinthar.com>
> To: "Peer-to-peer development." <p2p-hackers at zgp.org>
> Sent: Monday, August 22, 2005 9:13 AM
> Subject: Re: [p2p-hackers] Is P2P SIP Poised to Out-Hype Skype? 
> (Voxilla)
>
>
>>  I wrote some comments on Eric's blog (sipthat.com) detailing why I
> disagree:
>>
>>  http://sipthat.com/archives/000351.html
>>
>>  Aswath has another relevant article:
>>
>>  http://www.mocaedu.com/mt/archives/000168.html
>>
>>  Basically, I think P2P is useful to reduce legal vulnerability, obtain
>>  high security, minimize bottlenecks, and distribute computation.  None
>>  of these applies to SIP proxies, which are essentially directory-based
>>  "rendezvous" services.
>>
>>  That said, all of these certainly apply to the actual media components
>>  (audio, video, etc).  But these are generally RTP.  The SIP part is 
>> very
>>  low cost, low CPU, low bandwidth, and benefits from centralization.
>>
>>  My original comments to Eric's article follow:
>>
>>  -----Original Message-----
>>  From: David Barrett [mailto:dbarrett at quinthar.com]
>>  Sent: Tuesday, August 02, 2005 3:11 AM
>>  To: erik at sipthat.com
>>  Subject: Re: P2P VoIP using SIP and Open Standards
>>
>>  Hi, sorry for the late reply to your July 25th posting about P2P SIP,
> but
>>  you posed the question:
>>
>>
>>  >> Everyone is looking for a new solution for P2P VoIP, I think P2P
>>  >> SIP is the answer, do you?
>>
>>
>>  My answer is no, I don't believe P2P SIP is the key to P2P VoIP. More
>>  specifically, I don't think an IETF standard for decentralized SIP
> proxies
>>  will gain traction because it solves problems that nobody has, while
>>  complicating the problems that we do.
>>
>>  Now, I recognize VoIP will grow, and the actual media components will
>>  migrate to P2P. But I do not believe the SIP proxy component of the
> global
>>  architecture gains anything by being decentralized in this way.
>>
>>  My reasoning is based on the observation that P2P is primarily useful 
>> in
> two
>>  situations:
>>
>>  a) When a centralized solution is too costly
>>  b) When a centralized solution is legally vulnerable
>>
>>  Consider the case of Napster. A kid in a college dorm room was able to
> host
>>  a global rendezvous service (akin to a SIP proxy) for millions of
>>  simultaneous users, for free. Obviously, he didn't suffer from (a).
>>  But (b) was what took him down, and thus gave rise to Gnutella (et 
>> al).
>>
>>  But had (b) not occurred (ie, had the courts ruled in favor of 
>> Napster),
> I
>>  offer that Gnutella simply would not exist because it offers precisely
> zero
>>  incremental value. It is slower, less reliable, and less comprehensive
> than
>>  Napster could have been. Had Napster been allowed to grow, it could 
>> have
>>  offered better services, evolved faster, and been superior in every
>>  measurable way.
>>
>>  SIP proxies are today like Napster was then. But VoIP isn't illegal, 
>> and
>>  thus a SIP proxy is not a legal vulnerability. Thus I see no reason to
>>  believe that a decentralized alternative to a SIP proxy would warrant
> the
>>  resulting complexity cost inherent in any "pure"-P2P solution.
>>
>>  All that said, I do believe that P2P is the future of VoIP, and
> near-free
>>  services will be the business model. I merely think that the SIP proxy
> part
>>  of the equation is best left centralized.
>>
>>  -david
>>  Posted by: David Barrett at August 6, 2005 01:01 AM
>>
>>  So again, I'm still not sold on the benefits of P2P SIP. I think it's
>>  cool, don't get me wrong. And the idea of setting up an instant P2P
>>  network in the middle of a desert or in a disaster area is appealing,
>>  certainly. But you have to admit those are rather extreme 
>> circumstances.
>>  For the remaining 99.999% of actual real world users, this is not the
> case.
>>
>>  Furthermore, I agree that the servers at Free World Dialup and other
>>  free SIP services cost money. But not much, else they wouldn't be 
>> free.
>>  For under $100/mo you can get a dedicated server right on the 
>> backbone.
>>  The cost of deploying and maintaining hardware is virtually negligible
>>  these days.
>>
>>  The real costs come in managing the network, and this is where
>>  centralized services come in handy.
>>
>>  So P2P SIP is cool, certainly. And it might be handy the extreme
>>  situations you offer. But by the time the intrinsic decentralized
>>  problems have been hammered out, a centralized alternative will 
>> already
>>  dominate the landscape. And when it comes to competition, the
>>  decentralized solution offers no significant real world advantage 
>> (cost,
>>  reliability, performance) to anyone (user, administrator), while
>>  offering significant drawbacks in terms of complexity and the overall
>>  uncontrolled nature of P2P.
>>
>>  Would you disagree? I mean, except for disaster areas and deserts, and
>>  except for saving $100/mo for a million users, what's the benefit?
>>
>>  Furthermore, do you acknowledge the disadvantages in terms of
>>  reliability and performance (ie, global distributed search versus
>>  database lookup) of a P2P solution? How would you argue the benefits
>>  outweigh the detriments?
>>
>>  -david
>>  _______________________________________________
>>  p2p-hackers mailing list
>>  p2p-hackers at zgp.org
>>  http://zgp.org/mailman/listinfo/p2p-hackers
>>  _______________________________________________
>>  Here is a web page listing P2P Conferences:
>>  http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>>
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at zgp.org
> http://zgp.org/mailman/listinfo/p2p-hackers
> _______________________________________________
> Here is a web page listing P2P Conferences:
> http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

More information about the P2p-hackers mailing list