« Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more.. | Main | FYI - I'm out at AstriCon in Arizona (and looking for Asterisk security feedback over on the VOIPSA weblog) »

September 07, 2007

Blue Box SE#020 - SIP Security discussion with Cullen Jennings of IETF and Cisco

Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).

Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco.  Recorded at VoiceCon San Francisco in August 2007.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security and in this interview we covered an overview of the topics covered in that session, such as:

  • challenges in encrypting SIP signaling (forking, early media (including what it is))
  • proposed methods of encrypting voice/media, including ZRTP and DTLS
  • SIP identity
  • SIP outbound, a proposal for helping SIP signaling work across firewalls
  • certificate management in SIP
  • future security issues of concern within SIP

I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.

Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by on September 07, 2007 at 04:53 PM in Podcasts, VoIP Security, VOIPSA |

Tags: cisco, cullen jennings, dan york, dtls, ietf, sip, sip identity, sip security, voip, voip security, voipsa, voipsecurity, zrtp

| |

Comments

The comments to this entry are closed.

The Obligatory Photo

Contact Information

License

Full Disclosure

  • Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Archives

Categories

Search

Promote Blue Box!

  • Add this graphic to your site!

Recent Posts

Recent Comments

Subscribe to this blog's feed