Blue Box Podcast #22: SIP Security at IETF (part 1), VoIP security news, comments and more
Synopsis: VoIP security news, opinions and comments from listeners as well as a 25-minute interview with Dan Wing and Cullen Jennings from Cisco about SIP media security coming out of recent IETF meetings.
Welcome to Blue Box: The VoIP Security Podcast show #22, a 45-minute podcast from Dan York and Jonathan with news and commentary about the world of VoIP security. This show also features the first of two interviews we have coming at you about the IETF meetings that took place in March 2006. This week's 25-minute interview is with Dan Wing and Cullen Jennings of Cisco Systems and is primarily about Dan Wing's presentation on methods of securing the SIP media stream.
Download the show here (MP3, 43MB) or subscribe to the RSS feed to download the show automatically.
You may also listen to this podcast right now:
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
- 02:06 - Lycos offers free phone (also Tom Keating blog entry)
- 08:07 - Wall Street Journal: op-ed on Skype (subscription only) – but also visible on Bruno Giussani’s blog – The fine print on Skype
- 09:37 - Jeff Pulver: Senate Extends Telephone Privacy Rules to VoIP Providers (found via Bruce Stewart )
- 11:27 - Converge! Network Digest: Security in VoIP Networks – Stronger than TDM!
- 12:26 - Interoute Launches the First Genuinely Secure Corporate VoIP Service – see also iSip product page – “Secure business calls wherever you are online, for free” (via Craig Bowser)
- 14:01 - TMC.net: Is Your Network VoIP Ready? (tip of the hat to Ken Camp )
- 14:58 - Upcoming shows:
- April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference (I’ll be speaking)
- Interop, April 30-May 5, Las Vegas (anyone going?)
- June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
- June 1-2, Berlin, Third Annual VoIP Security Workshop
15:34 - Feature interview with Dan Wing and Cullen Jennings of Cisco Systems primarily about Dan Wing’s presentation on SIP key exchange mechansims at the recent IETF meeting in March in Dallas, Texas. In this segment, Dan goes through his first slides and explains the basic security issues around securing SIP media streams, talks about design choices for various proposed solutions and discusses where all this is going. Given that SRTP interoperability between systems is an extremely important issue right now, it's well worth grabbing a copy of the slides and joining Dan in a journey through the issues. At about 32:03, the interview shifted to Cullen Jennings where he discussed the IETF re-organization and creation of the Realtime Applications and Infrastructure (RAI) Area and what that means for these issues. Cullen also provides his view on the security discussions that occurred down at the IETF meeting. Definitely all well worth a listen.- 39:54 - End of interview
- 40:03 - Comment from Craig Bowser
- 40:40 - Comment from voipuser about Codenomicon interview
- 42:33 - Review of the last week's traffic on the VOIPSEC public mailing list. Continued discussion of SRTP and UDP and much, much more
- 43:27 - Discussion of the ability to subscribe to the podcast via e-mail
- 44:04 - Wrap-up, info about how to leave comments, upcoming shows, etc.
- 45:25 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
This was recently posted as a comment to an earlier podcast, but really belongs here (and I don't know how to move it).
------
Hi Dan and Jonathan,
The Blue Box Podcast #22 on the SIP Security for VOIP presented a concise "picture worth 1000 words" of the various drafts on SIP security that could be overwhelming to read and understand. The slides provided an excellent reference to what was being talked about.
Would like more such Podcasts where there are visuals (like Powerpoint) that go with the Podcast.
Thanks for all your excellent efforts.
Kandy
Posted by: Dan York | April 09, 2006 at 09:10 PM
I will be attending N+I and will participate in a VoIP security panel, so I will be happy to provide a summary of what I find there.
Posted by: Mark Collier | April 10, 2006 at 03:27 PM
FYI, during the meeting we determined that the Diffie-Hellman modes are, in fact, secure with forking. However the slides at the IETF website, which are what I presented at the IETF meeting, indicate the Diffie-Hellman modes are insecure with forking. Please make mental adjustments on this point.
Posted by: Dan Wing | April 11, 2006 at 12:13 PM
Hello -
Just wanted to say that the section with Dan Wing on VoIP SIP security was very helpful and informative.
Keep up the good work!
Posted by: J. Stein | April 15, 2006 at 12:10 PM