Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

TDYR #157 – Talking TLS For VoIP At SIPNOC 2014

How can we use TLS to make SIP-based voice-over-IP more secure? I was at the SIPNOC 2014 conference in Virginia talking on that specific topic. You can find more info at: http://www.internetsociety.org/deploy360/tls/

SIPNOC 2014 Begins Today In Virginia – I am speaking about TLS and SIP (and DANE)

Today I'm back at the Hyatt Dulles in Herndon, Virginia, for the fourth SIP Network Operators Conference (SIPNOC) event. These SIPNOC sessions are great because they bring together the people actually operating the SIP-based networks that make up our telecommunications infrastructure. SIPNOC continues to be THE best place I've found to interact with the people actually taking SIP standards and making them happen in the "real world".

I've been to all four SIPNOCs - and I continue to find them outstanding events, not only because of the excellent technical content, but also because of the people.

In many cases, these are the "phone guys" (and gals) who have found their way to IP. The "Bellheads" of the age-old "Bellhead vs Nethead" debate. The "telcos". The people who have been doing telecom for decades... and are now evolving to IP.

In other cases, the people here are the new contenders. The cable companies are here - and they are strongly challenging the legacy telcos, and they are creating entirely new IP-based infrastructures. The "Internet Telephony Service Providers (ITSPs)" and "SIP Trunking" providers are here, too... companies that are reimagining what telecom can be in an IP space. Newer vendors... newer application providers... etc.

It's a wonderful mix of people.

All here talking about telecom in the age of the Internet... sponsored by the SIP Forum.

As I mentioned in a post yesterday on the Deploy360 blog, I will be speaking today at SIPNOC 2014 about TLS for SIP. The abstract for my talk is:

With concerns about large-scale pervasive monitoring on the Internet, many groups are encouraging the increased use of Transport Layer Security (TLS, what we used to call “SSL”). While SIP has had TLS support for quite some time, it is often not used. This session will look at concerns of using TLS with SIP and discuss opportunities for providing higher security for SIP-based communication. The session will also outline some newer innovations such as the DANE protocol that when coupled with DNSSEC can provide a higher level of trust for TLS encryption.

This relates largely to the "TLS for Applications" work we are doing within Deploy360, as well as our advocacy for the use of the DANE protocol to add a layer of trust to TLS/SSL certificates.

As I note in that Deploy360 post, I'm delighted to see on the SIPNOC agenda that speaking before me will be Carl Klatsky from Comcast providing a case study of the lessons they have learned so far in moving to IPv6!

It's kind of fun to scan my list of presentations and look back at what I've spoken about at the past SIPNOC events:

SIPNOC 2011 (employed at Voxeo)
1. SIP Adoption and Network Security
2. Lessons Learned in Large-Scale SIP Interoperability
SIPNOC 2012 (employed at Voxeo)
1. SIP and IPv6 – Can They Get Along?
2. Panel Discussion: SIP Adoption and Network Security
3. BOF: SIP and IPv6
SIPNOC 2013 (employed at Internet Society)
1. IPv6 And SIP – Myth or Reality?
2. Who are You Really Calling? How DNSSEC Can Help
3. Panel Discussion: Anatomy of a VoIP DMZ (moderator)
SIPNOC 2014 (employed at Internet Society)
1. Is It Time For TLS For SIP? (also includes some DNSSEC/DANE)

It's nice to have someone else talking about IPv6 this year!

Of course, you'll also find me in the VoIP security BOF tonight... and listening to the other sessions. Unfortunately I have something else happening tomorrow evening back in New Hampshire and so I'm only here at SIPNOC today and will be flying back tomorrow. The SIPNOC event continues all day tomorrow and half a day on Thursday.

Sessions are underway now... here is photo proof:

[Photo: SIPNOC 2014 start]

Unless you happen to be located in the DC area, it would be very hard for anyone to join into this year's SIPNOC event... but if you work with SIP or VoIP networks, I would strongly encourage you to put SIPNOC 2015 on your calendar for next year!




FIR #759 – 6/9/14 – For Immediate Release

Shel at the IABC conference in Toronto; Quick News: CIA joins Twitter, IABC names Carlos Fulcher new executive director, UK Podcasters meeting in London, BreatheRight does real-time marketing well; Ragan promo; News That Fits: PR reps, Wikipedians meet; Dan York's Tech Report; six myths of social sharing; the Media Monitoring Minute with CustomScoop; listener comments; social media compliance concerns in financial industry ease; what's new in the FIR Podcast Network; Michael Netzley's Asia Report; Igloo Software promo; Facebook discussion from Harry Hawk; music by Seventh Epic; and more

Speaking At SIPNOC 2014 On June 10 About TLS For SIP/VoIP/UC

What advantages does Transport Layer Security (TLS, what we used to call “SSL”) bring to voice-over-IP (VoIP) that uses the Session Initiation Protocol (SIP)? What is the state of TLS usage within SIP and VoIP? Why isn’t it being used more?

Tomorrow, June 10, 2014, I’ll be speaking at the SIP Network Operators Conference (SIPNOC) 2014 event down in Herndon, Virginia, on the topic of “Is It Time For TLS For SIP?”. I’ll be discussing why we need more TLS usage in SIP-based communication, including what we think of as “VoIP” and also “Unified Communications (UC)”. The abstract for my talk is:

With concerns about large-scale pervasive monitoring on the Internet, many groups are encouraging the increased use of Transport Layer Security (TLS, what we used to call “SSL”). While SIP has had TLS support for quite some time, it is often not used. This session will look at concerns of using TLS with SIP and discuss opportunities for providing higher security for SIP-based communication. The session will also outline some newer innovations such as the DANE protocol that when coupled with DNSSEC can provide a higher level of trust for TLS encryption.

As you can tell, my focus will be around the “TLS for Applications” topic area we have here on Deploy360, as well as some discussion around DANE and what it can bring in terms of increased security.

I’ve spoken at SIPNOC events for the past two years (and before that) but my topic has always included IPv6. This time I won’t be doing that… but to my delight one of the talks before mine tomorrow will be Carl Klatsky from Comcast providing a case study of their work moving their voice services to IPv6. Here is his abstract:

Comcast Voice IPv6 Deployment Lessons Learned. Presented by Carl Klatsky, Comcast.

This presentation will review the successes, challenges, and lessons learned in deploying IPv6 support into Comcast’s IMS based SIP voice network, in support of an upcoming IPv6 technical trial. The presentation will review the overall target architecture covering both access and network side elements, and share the lessons learned with the SIP community.

I’m very much looking forward to hearing what Carl has to say!

There are many other great sessions on the SIPNOC 2014 agenda.  Unfortunately I can only be at the event tomorrow and will be missing out on the great content on Wednesday and Thursday.  You can, of course, expect to find me in any of the security-related sessions on Tuesday!

If any of you reading this are at SIPNOC 2014 tomorrow please do feel free to say hello!

P.S. And before anyone asks in the comments, no, there is not a live stream (or recordings) of the SIPNOC sessions.  They try to keep it an informal atmosphere where information can be shared with the conference sessions without that information being immediately public.

 

What Major Change Is SoundCloud About To Make To Their Mobile Apps?

What is SoundCloud planning for their next mobile app release for at least iOS and presumably Android? On Friday (June 6, 2014) I received an email stating this:

We noticed you've used our app to record and upload tracks to SoundCloud. With an upcoming version of the app, we'll be making changes to the way tracks are stored on your phone. If you have tracks that you've recorded but haven't uploaded, please follow the instructions below to save them. You can upload the tracks to your SoundCloud profile, or you can download them to your computer. Please do this as soon as possible to ensure that you don't lose anything you've recorded.

I cringed when I saw this... because I do use the SoundCloud app on my iPhone to record tracks for my "The Dan York Report" podcast and I do keep a number of different unpublished tracks sitting in the SoundCloud app. Often I may record a sound somewhere with the intent of later folding that into a recording (and which, admittedly, I often wind up never getting around to doing).

The key message of the email from SoundCloud is this:

YOU WILL LOSE YOUR TRACKS THAT YOU HAVE NOT UPLOADED UNLESS YOU TAKE ACTION BEFORE THE UPGRADE!

The email points out that all you need to do is upload the tracks to your SoundCloud account - and you can do so and make them "Private" so that they are only visible to you. They also note that you can download your sounds to your computer if you would prefer to do that. I chose to upload my tracks to SoundCloud as private recordings.

IMPORTANT: Note that when you upload your tracks to SoundCloud, the original date information will NOT be saved! That track you recorded in December 2012 that has the title "Sounds from Tuesday evening" will be uploaded to SoundCloud with a timestamp of when you upload the track. So if the date of the original recording is important to you, you may want to incorporate that date into the title of the track BEFORE you upload the track.

If you don't know what I'm talking about, the email from SoundCloud helpfully provided this image showing tracks that have not been uploaded:

[Image from the SoundCloud email: tracks that have not been uploaded]

I cringed when I read the email from SoundCloud for a larger reason. This upload of local tracks was no big deal. I was done in maybe 5 minutes. My larger concern though is... what is SoundCloud going to do to the recording experience?

Right now I mostly use the SoundCloud iOS app to record my TDYR podcasts (as I explained in an episode) as my TDYR podcast is all about trying to see how minimally and easily a podcast can be recorded.

However, the SoundCloud app seems to continue to move to being more about music consumption rather than creation. This started a while back when they moved "Record" from the home screen to being under the "..." menu choice. And then we haven't really seen any improvements or changes to the recording capability.

Will they improve the recording experience? Or further de-emphasize it?

We'll see... but in the meantime if you have any local recordings in the app you need to do something if you want to retain any of those recordings.




Happy World IPv6 Launchiversary! Two Years Of Remarkable IPv6 Growth (Featured Blog)

Happy Launchiversary! It's been two years since World IPv6 Launch in 2012, the day many major Internet Service Providers (ISPs), home networking equipment manufacturers, and web companies around the world started permanently enabling IPv6 for their products and services. In the last two years, participation and interest in IPv6 has only grown. Today nearly 250 network operators around the world are participating in World IPv6 Launch measurements, and we continue to see increased IPv6 deployment by network operators, websites, and home router vendors.

A Quick Ebook To Learn About IPv6: The Consumer Guide

Are you looking for a quick way to learn more about IPv6 and how to get started? Would you like to quickly set up a computer to test out IPv6 and learn how to use it?

If so, check out the Consumer Guide: All About IPv6.  Published by the Internet Society Hong Kong Chapter, this ebook gives a basic introduction to IPv6, then provides tutorials for configuring IPv6 on consumer devices. It explains what IPv6 is all about by explaining IPv4 exhaustion and other benefits of IPv6 adoption. It also includes tutorials detailing how to enable and configure IPv6 and 6in4 tunneling on typical consumer software including Windows 7, Apple’s OS X, VPN clients, and home routers.

The book is a well-done basic introduction to IPv6 that is easy to read and understand.  It is available both as a PDF that can be printed or read in an ebook reader or on a tablet or smartphone – or as a website for desktop viewing, complete with a clickable table of contents and other controls.

Thanks to the ISOC Hong Kong Chapter for creating such a useful guide!

If you are looking for more resources to get started with IPv6, please visit our “Start Here” pages that can guide you to resources appropriate to your type of organization or activity.


Dhcpy6d – A new tool to help with DHCPv6 (DHCP for IPv6)

We received the following guest post from Henri Wahl in the IT Department of the Leibniz-Institut für Festkörper- u.Werkstoffforschung (IFW) in Dresden, Germany.


Getting DHCPv6 to work

We run a network with approximately 1.000 client hosts. To use dual stack we decided to provide hosts with IPv6 addresses via DHCPv6. We wanted to use our existing MAC-based IPv4 address provisioning for IPv6 too, and SLAAC does not give enough control regarding different classes of clients and dynamic DNS updates. Sadly we found no working solution, especially because RFC 3315 does not consider MAC addresses as useful. Thus we had to develop our own incarnation of a DHCPv6 server.

The result is dhcpy6d, available as open source at https://dhcpy6d.ifw-dresden.de and written in Python. It retrieves MAC addresses from the local neighbor cache and in this way allows us to keep our address management solution for IPv4 and IPv6.

Our DHCPv6 server allows clients to be identified by MAC address, DUID or hostname. Clients can be organized in different classes. Addresses can be generated randomly, from MAC address, by range or by a given ID. Clients can get multiple addresses. Leases are stored in MySQL or SQLite databases. DNS information might be updated with ISC Bind9.

In practice we found Windows clients from Vista and up to be working perfectly as DHCPv6 clients. They even have no problems receiving multiple addresses per client. Linux and MacOSX desktop clients still fail on this.

Dhcpy6d is still a work in progress but already works flawlessly on a daily basis. There are at least some universities which use it.

For details see https://dhcpy6d.ifw-dresden.de/documentation/ .

Great IPv6 Work Happening In Grenada In The Caribbean

Joining in to the celebration of World IPv6 Launchiversary, Brent McIntosh sent us some info about all the great IPv6 work they are doing on the island of Grenada in the Caribbean. You can view the PDF simply by clicking/tapping the image below:

[Image: IPv6 in Grenada]

Congratulations to Brent and all the others involved for the excellent IPv6 activity happening there!