September 07, 2007

Blue Box SE#020 - SIP Security discussion with Cullen Jennings of IETF and Cisco

Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).


Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco.  Recorded at VoiceCon San Francisco in August 2007.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.


Show Content:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security, and in this interview we covered an overview of the topics covered in that session, such as:

  • challenges in encrypting SIP signaling (forking, early media (including what it is))
  • proposed methods of encrypting voice/media, including ZRTP and DTLS
  • SIP identity
  • SIP outbound, a proposal for helping SIP signaling work across firewalls
  • certificate management in SIP
  • future security issues of concern within SIP

I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.

Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Full Disclosure

  • Dan York, CISSP, is the Best Practices Chair of the VOIP Security Alliance (VOIPSA) and the Director of Emerging Communication Technology for Voxeo.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither Voxeo, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.