Just a guy in Vermont trying to connect all the dots...
Author's posts
Jun 12
CIRA Makes DNSSEC Available For .CA Through Registrars
Great news today for our friends up north in Canada – they can now sign their .CA domains with DNSSEC! As the Canadian Internet Registration Authority (CIRA) said in a news release yesterday, they are making the Internet safer for all Canadians and noted:
DNSSEC builds a “chain of trust” between users and the websites they wish to visit. It helps counter malicious online activities such as DNS spoofing and man-in-the-middle (MITM) attacks. These fraudulent activities are usually intended to capture personal information, such as bank account logins.
Perhaps even more importantly, DNSSEC will now let people with .CA domains use innovative new protocols like DANE to add a layer of trust to TLS/SSL certificates used for ecommerce and secure access to websites.
CIRA also rolled out an updated FAQ page on DNSSEC (thanks, CIRA, for the link to our work here!) and already has three registrars/DNS hosting providers who will offer DNSSEC-secured .CA domain names.
You may recall that CIRA first made DNSSEC available for .CA domains back in early 2013. However, it was still a manual process to get your signed .CA domain linked in to the global “chain of trust” for DNSSEC. With this announcement yesterday CIRA has now removed that manual process and made it easy for registrars to upload the necessary DS records. Now they just need more of the .CA registrars to support DNSSEC. (See our page about DNSSEC and registrars for an overview of the process.)
Congrats to the team at CIRA for making this happen!
P.S. If you want to get started with making your domain more secure, visit our “Start Here” pages to learn more about DNSSEC.
Jun 12
GigaOm: Cloud Providers Need To Get IPv6!
Over on GigaOm today we were delighted to see the article “With billions of devices coming online, cloud providers better get with IPv6 program”. In that article, author Barb Darrow writes:
As we enter the internet of things era, with millions; check that, billions of devices coming online, we’re going to need a lot more unique IP addresses. That means the big cloud providers need to get on the stick to support IPv6, the internet protocol that opens up billions of new addresses for just that purpose.
EXACTLY!
This is a key point we’ve been making in our events and presentations – with all these many devices coming online, and also with 3-4 billion more people to come online, we need to move to using IPv6!
In the article, she goes on to note that IPv6 is NOT supported by Microsoft Azure, Google Compute Engine and most of Amazon Web Services. She does point out that IBM Softlayer does support IPv6 as will a new “Verizon Cloud” service apparently coming out later this year. (All of which has made me note that we need a page on this Deploy360 site about “cloud services that support IPv6”.)
A few weeks back I asked a friend of mine who has an Internet of Things (IoT) startup whether his new service supported IPv6. He runs his system, not surprisingly, on a cloud platform – in his case Amazon’s Elastic Compute Cloud (EC2) – and because EC2 doesn’t have IPv6, he can’t run his apps over IPv6.
We need to get there. We need all the cloud providers to be enabled for IPv6, because they will then enable all the companies, large and small and everything in between, to make the move to the “production” version of the Internet.
Barb Darrow mentions in the GigaOm article that “the device population explosion pose to cloud providers and the very architecture of data centers will be a hot topic next week at Structure”, where Structure is GigaOm’s conference on the whole “cloud” topic. That sounds great… although in looking at the agenda I don’t see anything specifically mentioning IPv6. Hopefully that is a topic that gets covered and maybe we’ll be able to write about some of the IPv6-related news next week.
UPDATE: In a comment to this post, Barb Darrow indicates that IPv6 will be a topic in the Structure panel “What has to happen to enable the infrastructure to support IOT?” And indeed, to support the Internet of Things (IoT) we very definitely need to move to IPv6!
Meanwhile, if you are a cloud provider – or anyone else – do check out our “Start Here” page or just browse through some of our IPv6 resources to get started with the move to IPv6!
Jun 11
TDYR #157 – Talking TLS For VoIP At SIPNOC 2014
Jun 10
SIPNOC 2014 Begins Today In Virginia – I am speaking about TLS and SIP (and DANE)
Today I'm back at the Hyatt Dulles in Herndon, Virginia, for the fourth SIP Network Operators Conference (SIPNOC) event. These SIPNOC sessions are great because they bring together the people actually operating the SIP-based networks that make up our telecommunications infrastructure. SIPNOC continues to be THE best place I've found to interact with the people actually taking SIP standards and making them happen in the "real world".
I've been to all four SIPNOCs - and I continue to find them outstanding events, not only because of the excellent technical content, but also because of the people.
In many cases, these are the "phone guys" (and gals) who have found their way to IP. The "Bellheads" of the age-old "Bellhead vs Nethead" debate. The "telcos". The people who have been doing telecom for decades... and are now evolving to IP.
In other cases, the people here are the new contenders. The cable companies are here - and they are strongly challenging the legacy telcos, and they are creating entirely new IP-based infrastructures. The "Internet Telephony Service Providers (ITSPs)" and "SIP Trunking" providers are here, too... companies that are reimagining what telecom can be in an IP space. Newer vendors... newer application providers... etc.
It's a wonderful mix of people.
All here talking about telecom in the age of the Internet... sponsored by the SIP Forum.
As I mentioned in a post yesterday on the Deploy360 blog, I will be speaking today at SIPNOC 2014 about TLS for SIP. The abstract for my talk is:
With concerns about large-scale pervasive monitoring on the Internet, many groups are encouraging the increased use of Transport Layer Security (TLS, what we used to call “SSL”). While SIP has had TLS support for quite some time, it is often not used. This session will look at concerns of using TLS with SIP and discuss opportunities for providing higher security for SIP-based communication. The session will also outline some newer innovations such as the DANE protocol that when coupled with DNSSEC can provide a higher level of trust for TLS encryption.
This relates largely to the "TLS for Applications" work we are doing within Deploy360, as well as our advocacy for the use of the DANE protocol to add a layer of trust to TLS/SSL certificates.
As I note in that Deploy360 post, I'm delighted to see on the SIPNOC agenda that speaking before me will be Carl Klatsky from Comcast providing a case study of the lessons they have learned so far in moving to IPv6!
It's kind of fun to scan my list of presentations and look back at what I've spoken about at the past SIPNOC events:
- SIPNOC 2011 (employed at Voxeo)
  1. SIP Adoption and Network Security
  2. Lessons Learned in Large-Scale SIP Interoperability
- SIPNOC 2012 (employed at Voxeo)
  1. SIP and IPv6 – Can They Get Along?
  2. Panel Discussion: SIP Adoption and Network Security
  3. BOF: SIP and IPv6
- SIPNOC 2013 (employed at Internet Society)
  1. IPv6 And SIP – Myth or Reality?
  2. Who are You Really Calling? How DNSSEC Can Help
  3. Panel Discussion: Anatomy of a VoIP DMZ (moderator)
- SIPNOC 2014 (employed at Internet Society)
  1. Is It Time For TLS For SIP? (also includes some DNSSEC/DANE)
It's nice to have someone else talking about IPv6 this year!
Of course, you'll also find me in the VoIP security BOF tonight... and listening to the other sessions. Unfortunately I have something else happening tomorrow evening back in New Hampshire and so I'm only here at SIPNOC today and will be flying back tomorrow. The SIPNOC event continues all day tomorrow and half a day on Thursday.
Sessions are underway now... here is photo proof:
Unless you happen to be located in the DC area, it would be very hard for anyone to join into this year's SIPNOC event... but if you work with SIP or VoIP networks, I would strongly encourage you to put SIPNOC 2015 on your calendar for next year!
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- following me on App.net;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.
Jun 09
FIR #759 – 6/9/14 – For Immediate Release
Jun 09
Speaking At SIPNOC 2014 On June 10 About TLS For SIP/VoIP/UC
What advantages does Transport Layer Security (TLS, what we used to call “SSL”) bring to voice-over-IP (VoIP) that uses the Session Initiation Protocol (SIP)? What is the state of TLS usage within SIP and VoIP? Why isn’t it being used more?
Tomorrow, June 10, 2014, I’ll be speaking at the SIP Network Operators Conference (SIPNOC) 2014 event down in Herndon, Virginia, on the topic of “Is It Time For TLS For SIP?”. I’ll be discussing why we need more TLS usage in SIP-based communication, including what we think of as “VoIP” and also “Unified Communications (UC)”. The abstract for my talk is:
With concerns about large-scale pervasive monitoring on the Internet, many groups are encouraging the increased use of Transport Layer Security (TLS, what we used to call “SSL”). While SIP has had TLS support for quite some time, it is often not used. This session will look at concerns of using TLS with SIP and discuss opportunities for providing higher security for SIP-based communication. The session will also outline some newer innovations such as the DANE protocol that when coupled with DNSSEC can provide a higher level of trust for TLS encryption.
As you can tell, my focus will be around the “TLS for Applications” topic area we have here on Deploy360, as well as some discussion around DANE and what it can bring in terms of increased security.
I’ve spoken at SIPNOC events for the past two years (and before that) but my topic has always included IPv6. This time I won’t be doing that… but to my delight one of the talks before mine tomorrow will be Carl Klatsky from Comcast providing a case study of their work moving their voice services to IPv6. Here is his abstract:
Comcast Voice IPv6 Deployment Lessons Learned. Presented by Carl Klatsky, Comcast.
This presentation will review the successes, challenges, and lessons learned in deploying IPv6 support into Comcast’s IMS based SIP voice network, in support of an upcoming IPv6 technical trial. The presentation will review the overall target architecture covering both access and network side elements, and share the lessons learned with the SIP community.
I’m very much looking forward to hearing what Carl has to say!
There are many other great sessions on the SIPNOC 2014 agenda. Unfortunately I can only be at the event tomorrow and will be missing out on the great content on Wednesday and Thursday. You can, of course, expect to find me in any of the security-related sessions on Tuesday!
If any of you reading this are at SIPNOC 2014 tomorrow please do feel free to say hello!
P.S. And before anyone asks in the comments, no, there is not a live stream (or recordings) of the SIPNOC sessions. They try to keep it an informal atmosphere where information can be shared within the conference sessions without that information being immediately public.
Jun 09
What Major Change Is SoundCloud About To Make To Their Mobile Apps?
We noticed you've used our app to record and upload tracks to SoundCloud. With an upcoming version of the app, we'll be making changes to the way tracks are stored on your phone. If you have tracks that you've recorded but haven't uploaded, please follow the instructions below to save them. You can upload the tracks to your SoundCloud profile, or you can download them to your computer. Please do this as soon as possible to ensure that you don't lose anything you've recorded.
I cringed when I saw this... because I do use the SoundCloud app on my iPhone to record tracks for my "The Dan York Report" podcast and I do keep a number of different unpublished tracks sitting in the SoundCloud app. Often I may record a sound somewhere with the intent of later folding that into a recording (and which, admittedly, I often wind up never getting around to doing).
The key message of the email from SoundCloud is this:
YOU WILL LOSE YOUR TRACKS THAT YOU HAVE NOT UPLOADED UNLESS YOU TAKE ACTION BEFORE THE UPGRADE!
The email points out that all you need to do is upload the tracks to your SoundCloud account - and you can do so and make them "Private" so that they are only visible to you. They also note that you can download your sounds to your computer if you would prefer to do that. I chose to upload my tracks to SoundCloud as private recordings.
IMPORTANT: Note that when you upload your tracks to SoundCloud, the original date information will NOT be saved! That track you recorded in December 2012 that has the title "Sounds from Tuesday evening" will be uploaded to SoundCloud with a timestamp of when you upload the track. So if the date of the original recording is important to you, you may want to incorporate that date into the title of the track BEFORE you upload the track.
If you don't know what I'm talking about, the email from SoundCloud helpfully provided this image showing tracks that have not been uploaded:
I cringed when I read the email from SoundCloud for a larger reason. This upload of local tracks was no big deal. I was done in maybe 5 minutes. My larger concern though is... what is SoundCloud going to do to the recording experience?
Right now I mostly use the SoundCloud iOS app to record my TDYR podcasts (as I explained in an episode) as my TDYR podcast is all about trying to see how minimally and easily a podcast can be recorded.
However, the SoundCloud app seems to continue to move to being more about music consumption rather than creation. This started a while back when they moved "Record" from the home screen to being under the "..." menu choice. And then we haven't really seen any improvements or changes to the recording capability.
Will they improve the recording experience? Or further de-emphasize it?
We'll see... but in the meantime if you have any local recordings in the app you need to do something if you want to retain any of those recordings.
Jun 06
Happy World IPv6 Launchiversary! Two Years Of Remarkable IPv6 Growth (Featured Blog)
Jun 06
A Quick Ebook To Learn About IPv6: The Consumer Guide
Are you looking for a quick way to learn more about IPv6 and how to get started? Would you like to quickly set up a computer to test out IPv6 and learn how to use it?
If so, check out the Consumer Guide: All About IPv6. Published by the Internet Society Hong Kong Chapter, this ebook gives a basic introduction to IPv6, then provides tutorials for configuring IPv6 on consumer devices. It explains what IPv6 is all about by explaining IPv4 exhaustion and other benefits of IPv6 adoption. It also includes tutorials detailing how to enable and configure IPv6 and 6in4 tunneling on typical consumer software including Windows 7, Apple’s OS X, VPN clients, and home routers.
The book is a well-done basic introduction to IPv6 that is easy to read and understand. It is available both as a PDF that can be printed or read in an ebook reader or on a tablet or smartphone – or as a website for desktop viewing, complete with a clickable table of contents and other controls.
Thanks to the ISOC Hong Kong Chapter for creating such a useful guide!
If you are looking for more resources to get started with IPv6, please visit our “Start Here” pages that can guide you to resources appropriate to your type of organization or activity.