Deploy360 17 April 2013

Speaking at SIPNOC Next Week About IPv6 and DNSSEC With VoIP

By Dan YorkDirector, Internet Technology

SIPNOC 2013 logoInterested in how voice-over-IP (VoIP) can work with IPv6? Want to know how DNSSEC can add a layer of security to VoIP?  Next week I’ll be speaking on these precise topics at the SIP Network Operators Conference (SIPNOC) sponsored by the SIP Forum and happening in Herndon, Virginia.

SIPNOC is an excellent conference that I’ve very much enjoyed over the past few years that brings together many of the key players involved with moving our telecommunications infrastructure from its PSTN roots into the world of IP communications. Its target is operators and so you have a good number of people there who are providing VoIP services to customers – typically using the SIP protocol.  The schedule is always an interesting mix of operational best practices, security concerns, new technologies, policy and other topics.  This year it’s good to see WebRTC being on the agenda in several places, as that will have an effect on the overall VoIP infrastructure.  (FYI, there is still time to register to attend the SIPNOC event.)

As shown on the SIPNOC schedule, I’ll be participating in these sessions:

IPv6 And SIP – Myth or Reality?
Wednesday, April 24, 10:45-11:45am

In this session we’ll be exploring what is really going on with VoIP and IPv6 and seek to answer questions such as:

  • What’s going on with SIP over IPv6?
  • What are the main challenges to using SIP with IPv6?
  • What do we know about the status of current equipment working with IPv6?
  • What are the SIP Forum and others in the industry doing to help advance the state of the art?
  • Where do we see SIP and IPv6 going?

I’m very much looking forward to the session and have several panelists joining me in a discussion-style panel that should be quite educational and interesting.

Who are You Really Calling? How DNSSEC Can Help
Thursday, April 25, 9:30-10:00am

My goal with this session is to explain what DNSSEC is all about and to look at how it can potentially help to secure a few aspects of VoIP communication.  As I wrote in the abstract:

When Alice calls Bob, how does she know that she is really communicating with Bob’s SIP server? Sure, her software grabs a SRV record for Bob’s server from DNS, but how does Alice’s systems know whether that is the *correct* DNS record for Bob’s server? What if an attacker were able to inject DNS records that redirect Alice’s call to another system? What if there were a way that the SIP endpoints could be certain about the address of the other system they want to call?

I’ll also be talking about the Jitsi softphone that now supports DNSSEC as I wrote about in the past and more recently interviewed Emil Ivov, the Jitsi project lead.  I hope to get some people thinking about the possibility of using DNSSEC and looking into how it can work more with their VoIP infrastructure.

Beyond those sessions, I’ll also be engaging the “VoIP security” side of my background and moderating two sessions on Monday, April 23:

  • 5:15-6:15pm – Panel Discussion:  Anatomy of  a VoIP DMZ
  • 7:30-8:30pm – VoIP Security Birds-of-a-Feather (BOF)

The BOF, in particular, should be interesting as last year it was a very frank and open conversation between operators about the security issues they were facing.  Much good information – and solutions – were exchanged.

I’m very much looking forward to this event and if you are going to be at SIPNOC please do say hello.

At the current time the event is not being livestreamed, but I’m planning to record at least my sessions and make the video available through the Deploy360 YouTube channel.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...