Media Security without a PKI

There seems to be a misunderstanding in the current discussion about media security (see http://www.imc.org/ietf-rtpsec/mail-archive/ for a mailing list archive) and the belief that PKI support is demanded by most of the solution proposals. That’s not true! ZRTP and the DTLS protocol for the protection of media traffic are two examples of proposals that do not

DTLS based Media Security

If you want to learn more about the approach please read the following drafts on how to secure real-time media traffic using DTLS:
http://tools.ietf.org/id/draft-fischl-sipping-media-dtls-01.txt
http://www.ietf.org/internet-drafts/draft-fischl-mmusic-sdp-dtls-02.txt
http://www.ietf.org/internet-drafts/draft-mcgrew-tls-srtp-02.txt
A nice slide set from the last IETF meeting can be found at: http://www3.ietf.org/proceedings/06nov/slides/avt-6.pdf

Diameter Quality of Service: New Documents available

New versions of the QoS documents are available as you have seen from the draft announcements. This post aims to show the relationship between the documents:
http://tools.ietf.org/html/draft-ietf-dime-diameter-qos-00
This document describes the Diameter QoS application.
http://tools.ietf.org/wg/dime/draft-korhonen-dime-qos-parameters-00.txt
This document contains QoS parameters taken from an NSIS working group document and placed into

OCSP Extension for IKEv2

A new RFC was recently published that allows OCSP to be supported in IKEv2. Here is an extract from the abstract of http://tools.ietf.org/rfc/rfc4806.txt: “While the Internet Key Exchange Protocol version 2 (IKEv2) supports public key based authentication, the corresponding use of in-band Certificate Revocation Lists (CRL) is problematic due

Enhancing Authentication Support for TLS

This document describes an extension to the TLS protocol to allow TLS clients to authenticate with legacy credentials using the Extensible Authentication Protocol (EAP). This allows many secure authentication and key exchange protocols to be used for client-side authentication even in an HTTP-based environment, ideally suited for many of the currently

Emergency Services Workshop 2007

Summoning police, fire department, ambulance or other emergency services in case of emergency is one of the fundamental and most-valued functions of the telephone. As telephone functionality moves from circuit-switched telephony to Internet telephony, its users rightfully expect that this core functionality will continue to work at least as well

Secure call recording with SIP and SRTP

Dan Wing, Steffen Fries, Francois Audet and myself have recently released a new Internet Draft called “Disclosing Secure RTP (SRTP) Session Keys with a SIP Event Package” that addresses situations where you want both the secure encryption of all voice and also the ability to record calls. However, right now this is difficult

LoST Draft Update

Another LoST draft update has been submitted, namely the -04 draft version: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-lost-04.txt LoST is an XML-based protocol for mapping service identifiers and geodetic or civic location information to service contact URIs. In particular, it can be used to determine the location-appropriate PSAP for emergency services. The changes include clarifications

Common Policy

Common Policy, see http://www.ietf.org/rfc/rfc4745.txt, is an XML-based format for expressing privacy preferences. In order to be used it needs to be extended for a specific application usage. One such application using the Common Policy framework is presence authorization (see http://tools.ietf.org/wg/simple/draft-ietf-simple-presence-rules/). A further example is location-based authorization policies (see Geolocation Policy described in