Doubts over security and privacy must be overcome before enterprises can benefit from the session initiation protocol (SIP). Gunter Ollmann, principal security consultant at ISS, said bringing so many standards under one protocol could be risky.. . .
Doubts over security and privacy must be overcome before enterprises can benefit from the session initiation protocol (SIP). Gunter Ollmann, principal security consultant at ISS, said bringing so many standards under one protocol could be risky. "Although various conceptual security considerations have been made in the design of SIP, very little information relating to the security of the SIP protocol is available at this stage," he said.

"As the protocol links existing protocols and services together, all the classic vulnerabilities of services such as SMTP, HTTP, HTTPS, VoIP and instant messaging are likely to have an effect," said Ollmann.

Further questions have been raised over the kinds of location data the protocol accesses, and how this is protected. Services will require a central repository of information about users' location and preferences.

The link for this article located at vnunet is no longer available.