Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).
Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco. Recorded at VoiceCon San Francisco in August 2007.
You may also listen to this podcast right now:
In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security and in this interview we covered an overview of the topics covered in that session, such as:
- challenges in encrypting SIP signaling (forking, early media (including what it is))
- proposed methods of encrypting voice/media, including ZRTP and DTLS
- SIP identity
- SIP outbound, a proposal for helping SIP signaling work across firewalls
- certificate management in SIP
- future security issues of concern within SIP
I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.
Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to firstname.lastname@example.org. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'email@example.com' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.