[VOIPSEC] Last call for comments on SIP Media Security Requirements - Fwd: [Sip] WGLC for draft-ietf-sip-media-security-requirements-04
Dan York
dyork at voxeo.com
Thu Apr 3 10:17:43 CDT 2008
VOIPSEC readers,
For the last couple of years Dan Wing has been leading an effort
within the IETF to nail down the requirements for securing media in a
SIP exchange. You'll recall conversations here in the past around
different encryption methods and different methods of SRTP key exchange.
After all that time, the "Requirements and Analysis of Media Security
Management Protocols" document has finally entered what is called
"Working Group Last Call" where the chairs of the IETF Working Group
ask for any final comments before the document is recommended for
publication. If you have not seen the document, here is the most
recent draft:
http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-
requirements-04.txt
If you do have comments, they are requested to be sent to the SIP
mailing list before April 7th. (You do have to join the list to post.)
Regardless of whether you have comments or not, I think it's a great
document for folks to *read* as it outlines the various attack
scenarios, the challenges for encrypting media (such as forking and
early media) and also in the lengthy Appendix A provides an overview
of the existing SRTP key exchange mechanisms.
I think it's well worth a read for anyone working with VoIP security.
Regards,
Dan
Begin forwarded message:
> From: Dean Willis <dean.willis at softarmor.com>
> Date: March 22, 2008 12:59:43 AM EDT
> To: SIP List <sip at ietf.org>
> Cc: Cullen Jennings <fluffy at cisco.com>, Keith Drage <drage at alcatel-
> lucent.com>, Dan Wing <dwing at cisco.com>
> Subject: [Sip] WGLC for draft-ietf-sip-media-security-requirements-04
>
>
> I'm pleased to announce a Working Group Last Call on the Media
> Security Requirements document.
>
> Please give this a final read through and send any comments to the
> author and the working group mailing list.
>
> I'd like to wrap this by April 7. We should be ready to move on to the
> DTLS framework document immediately afterwards. I hope.
>
> For your reading pleasure, here's a link to the most recent version of
> the requirements doc:
>
> http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-
> requirements-04.txt
>
>
> --
> Dean Willis
> Officiously Acting as Co-Chair
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors at cs.columbia.edu for questions on current sip
> Use sipping at ietf.org for new developments on the application of sip
--
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO Voxeo Corporation dyork at voxeo.com
Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com
Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com
Build voice applications based on open standards.
Find out how at http://www.voxeo.com/free
More information about the Voipsec
mailing list