Next week in Prague, at the 68th IETF meeting, there will be a great many meetings of importance to people concerned about VoIP security, but perhaps none more important than the RTPSEC BOF about SRTP key exchange on Monday, March 19th. As readers and listeners know, one of the key missing standards right now is how vendors can exchange encryption keys for SRTP.
It sounds (and is) geeky, but here’s the impact to the market. Right now, if you buy an IP-PBX system and IP phones from Vendor A, but you want t also buy some SIP phones from Vendor B, there is currently no agreed-upon way for Vendor A and Vendor B’s phones to send secure voice from one phone to the other. Within Vendor A’s IP-PBX and phones, SRTP can be used – and if you were to buy a full system from Vendor B, SRTP could be used entirely there… but there is no agreed-upon way to let Vendor B’s phones work with Vendor A’s phones for SRTP.
Back at IETF 66 in July 2006 there were 11 or 13 proposals (which we covered in Blue Box Podcast #22) but the fields been narrowed now to basically three: DTLS, ZRTP (Phil Zimmermann’s proposal) and a new version of MIKEY. Dan Wing is leading another face-to-face session next week in Prague where the intent is to try to narrow this even further and see if we can’t all agree on a common standard for how to do SRTP key exchange.
IF YOU HAVE COMMENTS OR OPINIONS, NOW is the time to make them! If you can’t get to Prague, you can still join the RTPSEC mailing list or read the Internet Drafts and send comments in to the authors. Please read the drafts and do provide comments… if we are to see secure voice interoperability between SIP phones, this meeting and the discussion therein is extremely important. Please make your opinion heard.