[VOIPSEC] Prevailing trends in securing the SIP signaling plane

Vijay K. Gurbani vkg at alcatel-lucent.com
Tue Apr 14 13:44:27 CDT 2009


J. Oquendo wrote:
> Vijay, out of these statistics, what percentage of it boils
> down to carriers and site to site (one office to another).

Right -- so the SIPit results are shared publicly, but the
specific vendors behind the implementations are not
disclosed.  So, I am unable to break these statistics down
to carriers, etc.  However, since major vendors do
participate at these bakeoffs, and since major carriers do
buy equipment from major vendors, the chance of TLS
trickling down should be exceedingly good as we move along.

> From my view as a carrier who's peered with Level3, Global,
> Verizon, pukeListGoesOn... I can tell you, I've never seen
> any kind of interop testing they've required from us. 

Interoperability tests for TLS, especially for SIP's use of
TLS, are in the process of being standardized.  The following
pair of drafts, which are fairly baked (i.e., post WGLC in
IETF-speak) discuss X.509 certificates for TLS connections:

http://tools.ietf.org/html/draft-ietf-sip-domain-certs-03
http://tools.ietf.org/html/draft-ietf-sip-eku-04

In addition, when I had put TLS in our SIP stack, I had
come up with a set of test cases that are now part of
an ongoing work in the IETF (please see
http://tools.ietf.org/html/draft-ietf-sip-sec-flows-01,
Section 8).

So ... in short, there is work progressing on clarifying the
use of TLS in SIP.  I do agree that some carriers may not be
fully aware of this work; however, it does exist.

Ciao,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/



