FOOD FOR THOUGHT Simonics SIP Gateway to Google Voice

[chris_c_]

Motif module is included in XiVO Asterisk build but not presently supported in the GUI. We recommend Simonics SIP to GV gateway for Google Voice support.

I appreciate the Simonics SIP to GV gateway, and I have a question about it, is it implemented as a MITM (man in the middle) proxy pattern?

 

[wardmundy]

Not really. GV credentials/traffic are encrypted when passing through the gateway if I understand it correctly. @billsimon probably will chime in with specifics.

 

[chris_c_]

Not really. GV credentials/traffic are encrypted when passing through the gateway if I understand it correctly. @billsimon probably will chime in with specifics.

Interesting. Between the pbx and Bill, he accepts encrypted SIP signalling and entrypted SRTP for the audio?
The link from Bill up to GV, though, has to be clear text, AFAIK, so, he would need to decrypt it in order to pass it through to the GV server.

 

[wardmundy]

Interesting. Between the pbx and Bill, he accepts encrypted SIP signalling and entrypted SRTP for the audio?
The link from Bill up to GV, though, has to be clear text, AFAIK, so, he would need to decrypt it in order to pass it through to the GV server.

I guess any SIP provider is a Man in the Middle. That's the nature of the beast, isn't it?

 

[billsimon]

Interesting. Between the pbx and Bill, he accepts encrypted SIP signalling and entrypted SRTP for the audio?
The link from Bill up to GV, though, has to be clear text, AFAIK, so, he would need to decrypt it in order to pass it through to the GV server.

From your SIP client (PBX, phone, software) to Google Voice Gateway you can use UDP, TCP, or TLS signaling for SIP. TLS is encrypted; the others are not. SRTP encryption for media is not offered.

From GVGW to Google the signaling is XMPP over TLS. Media is not encrypted on that leg either.

There is no passing of Google username/password credentials at any point in our service, only the exchange of OAuth2 tokens restricted to connecting to Google Chat from our app. The only time you use your Google user/pass is to log in to Google to grant us the tokens and authorization.

 

[chris_c_]

I guess any SIP provider is a Man in the Middle. That's the nature of the beast, isn't it?

True, any SIP provider is MITM and can snoop on the cleartext media and/or point-to-point encrypted signalling for which they are one of the endpoints, EXCEPT for ZRTP, which is encrypted without any decryption taking place between the caller and the called party. Any middle server transiting ZRTP media is simply passing thru what sounds like white noise if they were to try and listen in. This ZRTP is the only real privacy protecting VOIP protocol in the age of widespread snooping and resale of your private telephone conversations to advertisers, to govt agencies, and to anyone willing to pay the cash to GV etc, even your competitors in business. Yet I digress...

 

[chris_c_]

It's also possible for a VOIP SIP provider to not proxy the media when it's smart enough to detect that the two call parties are pure digital SIP VOIP endpoints.

Say you subscribe to SIP provider A and I subscribe to SIP provider B. If both SIP providers are running smart enough software to detect that when I dial your phone number 843-123-4567, that number is not a PSTN copper landline, it's actually a DID which is really a SIP address behind the scenes, then my sip provider ought to signal to my endpoint over SIP that it should connect directly to yours for a pure direct digital call. In doing so the call avoids transiting out thru the PSTN and back in again, therefore avoids requiring its media to be decrypted to g711u by my MITM sip provider. My endpoint or pbx would simply connect directly to your direct SIP address eg [email protected] and the media could remain encrypted as well as the SIP signaling, thus, no man the middle could possibly listen in. Also, a penny saved, due to no PSTN call termination fee.

 

[wardmundy]

Yes, but... Google Voice doesn't talk SIP to the outside world so this would never work with GV trunks.