Blue Box: The VoIP Security Podcast

Synopsis: Interview/tutorial with Per Cederqvist about sdescriptions, VoIP security news and much more

Welcome to Blue Box: The VoIP Security Podcast show #17, a 41-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.  This show features an interview/tutorial with Per Cederqvist about the 'sdescriptions' method of SRTP key exchange. The show also includes a brief segment with folks from NetIQ as well as the usual news and comments from listeners.

Download the show here (MP3, 38MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 01:59 - Unstrung: WiFi Voice: How safe? and Five WiFi VOIP Security Issues
• 03:50 - Network World: Network security is the key to keeping VoIP secure  and again on 2/20?
• 06:52 - IT Business Edge: A Multi-Layered Approach to VoIP Security  (Q&A with former guest Steve Mank of Qovia)
• 07:09 - Discussion about the RSA Conference that Jonathan attended
• 11:32 - Feature interview with Per Cederqvist of Ingate systems about the "sdescriptions" method of SRTP key exchange. He provided a great introduction to the protocol and explained both the positive and negative sides of using it.  The interview included:
  • Background on Ingate, his role, etc.
  • sdescriptions background, rationale
  • standards status, industry support
  • differences from MIKEY
  • importance of SSL/TLS
  • encryption used
  • reference implementations?
  • interoperability - contact Per at "[email protected]" if you are interested in interop testing
  • 21:40 end of interview
• 22:00 - Comment section - Shawn Merdinger
• 22:49 - audio comment from Martyn Davies
• 25:49 - inquiry from a radio station about comment line software
• 26:53 - Brief interview with Jeff Hicks and Randy Rosenbaum about their news release – NetIQ Unveils First Integrated Systems and Security Management Solution for VoIP (See also this Network World article)
• 38:53 - Review of the last week's traffic on the VOIPSEC public mailing list.... there was none!  Quiet week on the mailing list, but that is sure to change.
• 39:27 - Final comments, wrap-up of show, upcoming conferences, how to give comments, etc.
• 41:00 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.