I am happy to finally see the publication of our “Emergency Services for Internet Multimedia” article in the IP Protocol Journal. Together with Henning Schulzrinne we wanted to capture the ongoing work on IP-based emergency services in the IETF and to make it accessible for a broad audience. It was
Category: articles
Emergency Services and Security
In a recent review by Bernard Aboba regarding a document I wrote together with Henning Schulzrinne about “trustworthy location information” (with slides from the last IETF meeting below). The above slides build on previously presented slides shown below: Bernard included a link to an interesting article that is worth reading
NIST Key Management Workshop
Here is an announcement of interest for the IETF KEYPROV working group (and security groups in the IETF in general). http://xml.coverpages.org/keyManagement.html#NIST-KeyManagement200906 says: A NIST Key Management Workshop will be held June 8-9, 2009 at the U.S. National Institute of Standards and Technology, Gaithersburg, Maryland, USA. Registration is required by May
OASIS Key Management Interoperability Protocol
Recently, OASIS announced the creation of a new key management standards effort called KMIP (Key Management Interoperability Protocol). See new stories below: http://www.infoworld.com/article/09/02/12/HP_IBM_push_new_KMIP_encryption_key_standard_1.html http://www.centredaily.com/business/technology/story/1115505.html You can download the draft standard and FAQs from here: http://xml.coverpages.org/KMIP/ A short summary: The increased use of encryption for securing information in the enterprise reflects
Security Assessment of the Transmission Control Protocol (TCP)
Fernando Gont [fernando@gont.com.ar] posted a mail to the SAAG mailing list about the work he did on analyzing TCP. His publication has triggered discussions in the IETF on how to publish these types of documents and his publication was picked up by the media as well. Here is what Fernando
BlackHat Presentation about SSL/TLS Vulnerabilities
The presentation provided (among other things) details on how browsers today still remain vulnerable to attacks because they fail to check the Basic Constraints extension.
2nd International Workshop on Mobile and Wireless Networks Security (MWNS’09)
For those of you who care about mobility and security you might be interested in the following conference. As noted below, I plan to give the keynote speech. *MWNS’09* is the *second event* in the series of international workshops on “Mobile and Wireless Networks Security”, following the highly successful MWNS
Notruf Handbuch
Karl Heinz Wolf and Alexander Mayrhofer have worked on a book describing the IETF emergency services architecture and their contributions at NIC.AT. The book, which is written in Germany and focuses on the situation in Austria, can be bought here. Their webpage contains more information about the book and about
Creating rogue CA certificate using MD5 collisions
In case you have not heard about it yet: http://blogs.zdnet.com/security/?p=2339 Ekr explains all this in more detail, see http://www.educatedguesswork.org/2008/12/understanding_the_sotirov_et_a.html. The original paper can be obtained from here. Verisign is not sleeping and tells us what they did against this problem: https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
DNS Cache Poisoning – Part (2)
Here is a really nice slide set that explains the attack and the consequences. Thank you Thomas for sending me the pointer.