Reason # 2: SIP is secure.
It's true. SIP, like all IETF-based proposals, leverages the rich capabilities of all underlying services of the Internet environment:
• Internet Protocol
• TCP
• UDP
• http
• TLS
• S/MIME
and more.
2. SIP is secure.
There are tradeoffs of interoperability and cost when considering security. After all, simple standards make it easier to interoperate within a multi-vendor network. It does however potentially open the network to potential abuse. That’s where strong authentication and privacy services need to be part of the equation, as options to offer control and privacy, as appropriate so that the tradeoffs do not interfere with the primary business benefit of standard – to enable long investment life through interchangeable vendors, services, applications and devices.
The IETF framework for SIP enables a rich set of standards for authentication and privacy. There are standards for secure SIP, secure RTCP and secure RTP. These capabilities leverage IETF proposals for the use of standard implementations such as Transport Layer Security (TLS) for robust session privacy service, Secure/Multi-part Internet Mail Extensions (S/MIME) for session control packet privacy.
Most vendors implementing H.323, for example, offers no such options, choosing instead to implement proprietary derivatives to facilitate rudimentary forms of privacy in first generation IP PBX devices. This is closest to the PBX vendor approaches of the past two decades where proprietary digital signaling protocols were implemented on endpoints and PBX fabric. This had the effect of nominally-better security, but considerably more vendor-specific lock-in, since the most useful features such as call forward, hold and so on, did not work at the lowest ‘standard’ level.