As part of being a member of the IETF security area directorate I have to review documents. Recently, I had to review a document called Reclassification of the APEX RFCs to Historic. When I browsed through the extremly short document I was wondering what APEX actually is. When I looked
There might be a BOF on SPAM for Internet Telephony (SPIT) at the Chicago IETF meeting. Here are some of the documents I have been working on: Anti-SPIT : A Document Format for Expressing Anti-SPIT Authorization Policies Authorization Policies for Preventing SPIT SPAM for Internet Telephony (SPIT) Prevention using the
Cullen Jennings recently posted his plan how to move forward with media security work. In short, the following groups are affected: TLS: modifications that may be required to DTLS to allow DTLS to generate the keys for SRTP AVT: how DTLS is used to key SRTP MMUSIC: scheme for transporting
This document gives guidance on securing manually configured IPv6-in-IPv4 tunnels using IPsec in transport mode. No additional protocol extensions are described beyond those available with the IPsec framework. This memo provides information for the Internet community.
Emergency Services Documents in the IETF This post describes a typical emergency service message exchange with references to the current IETF documents. The description focuses on the proxy recognition and proxy resolution exchange. The following figure shows the architecture and message flow being discussed: The interaction starts in this case
Are there problems when RADIUS or Diameter is used for application layer authentication, authorization and accounting? Well, there are security aspects that need to be addressed. What happens to the credentials that are provided to the application provider (such as a VoIP provider, Web Service, …). The following figure shows
There was recently an interesting posting by Robert Sparks about the SIPit 20 interoperabilty tests. This caused Dan York to post a note in his weblog. In the IETF on the work of Diameter (in DIME) we also organized two interop events that revealed some problems with the availability of
We have just recently resubmitted the Diameter test suites: Diameter Base Protocol Interoperability Test Suite http://www.tools.ietf.org/html/draft-fajardo-dime-base-test-suite-00 Diameter Credit Control Interoperability Test Suite http://www.tools.ietf.org/html/draft-fajardo-dime-dcc-test-suite-00 Diameter Applications Interoperability Test Suite http://www.tools.ietf.org/html/draft-fajardo-dime-misc-app-test-suite-00 We used them for the interop testing in Mt. Laurel, NJ (2006) and Orlando (2007).
Richard noticed that OFCOM has released their VoIP regulatory statement. Here is his weblog entry: UK Ofcom released on 29 March 2007 the Regulation of VoIP Services (Statement and publication of statutory notifications under section 48(1) of the Communications Act 2003 modifying General Conditions 14 and 18). A summary can
Here is a quote from http://it.slashdot.org/article.pl?sid=07/05/01/0337258&from=rss This article in the NYTimes discusses how a recent rash of high-profile mobile phone taps in Italy is spurring a rush toward software-encrypted phone conversations. Private conversations have been tapped and subsequently leaked to the media and have resulted in disclosures of sensitive takeover