Skype has had its share of bad news lately, with a malware attack following close on the heels of a massive outage. Current events raise questions about Skype’s technology that won’t — and shouldn’t — go away.
One is the perennial architecture question: proprietary (Skype) vs. open (SIP). Recently I asked SIP application company Counterpath’s CTO Jason Fischl to talk about it. Fischl was also the architect of TelTel’s SIP-based VoIP system.
“When you’re trying to design a system to scale there are two places you can have a problem: design of the protocol or in a bug in the implementation,” he explains.
And quite simply, in protocol design as in so many of life’s other arenas, numbers count.
“In the case of SIP we have protocol design by people who’ve been designing telecom protocols for many years.” People like Cisco and Nortel telecommunications engineers, who have generations of experience with the problems that can crop up in communications networks.
“In the case of Skype, they have a very small group,” he continues. “The advantage [for Skype] is that they can make it simple. But a lot fewer people are looking at it. It’s a monoculture. The same group of people are making all the decisions — and the decisions are made for tactical reasons rather than technical reasons.”
And then there’s implementation execution. Here, too, more is better.
“When you see the problems Skype had, you see the advantages of SIP. In the case of SIP, you’ve got hundreds — even thousands — of implementations. Lots of service providers implement SIP. Any problem they have isn’t going to affect the entire population — just their customers. Lots of different vendors implementing is a nice benefit.
“But the consequences of a flaw in the case of Skype — it’s a catastrophe,” adds Fischl. “There are no other implementations.”
Fischl suggests that Skype’s outage may have had more to do with the centralized aspect of Skype’s architecture than the peer-to-peer dimension. “One of the [problematic] things about their [Skype’s] architecture is that the authorization of users is done on a central server. That leaves open a vulnerability.”
SIP, by contrast, has a distributed authorization process. “It relies on an overlay network. You make a query into the overlay network and find out how to contact subscribers.”
Further, the peer-to-peer SIP working group of the IETF (Internet Engineering Task Force) is looking at an architecture that will do complete peer-to-peer SIP without a server at any point.
“One of the fundamental requirements is that you won’t need a central server when you login — only when you sign up. The consequence is that if servers went down you wouldn’t get new customers, but customers can still make calls.”
Fischl confesses to being puzzled that Skype hasn’t embraced SIP. “To begin with, they’ve already got SIP gateways — why not go further down the road? I think if they took that approach — augment the network, let any SIP endpoint connect — they’d have a huge network of vendors building devices.
“Who knows?” Fischl adds, “Maybe they’re going down that road.”