Category: SIP
-
/
The Publishing of RFC 8496 Concludes the 10-year Saga of P-Charge-Info
Continue Reading: The Publishing of RFC 8496 Concludes the 10-year Saga of P-Charge-InfoOctober 31, 2018, was a special day for me. Not because it was Halloween, but because after 10 years a small little document I co-authored about the “P-Charge-Info” header for SIP-based Voice-over-IP (VoIP) was published as informational RFC 8496. You can see it at either:
Ultimately, all this document does is register the Session Initiation Protocol (SIP) Header Field of “P-Charge-Info” within the “SIP Parameters” registry maintained by IANA at:
But the story of getting that registration to happen is a long one!
In the beginning…
The short version is this. Back in around 2007 or so, I was working for Voxeo and we were using the “P-Charge-Info” header in our large SIP-based application server to pass along billing information. Essentially, when someone made a call on our system, we wanted to pass a billing identifier that was often different from the source phone number (i.e. “CallerID”). This quote from RFC 8496 was pretty much Voxeo’s use case:
As another example, a hosted telephony provider or hosted voice
application provider may have a large SIP network with customers
distributed over a very large geographic area using local market PSTN
numbers but with… -
/
Audio Recording: My SIPNOC 2014 Talk – “Is It Time For TLS For SIP?”
Continue Reading: Audio Recording: My SIPNOC 2014 Talk – “Is It Time For TLS For SIP?”Is it time to use Transport Layer Security (TLS… essentially what we used to call “SSL”) to add a layer of trust and security to Voice-over-IP (VoIP) that uses the Session Initiation Protocol (SIP)?Way back in June 2014, I gave a talk on this topic at the SIP Network Operators Conference (SIPNOC) in Herndon, Virginia. I recorded the audio of the session… but then lost track of the recording. I recently found it and, since much of it is (sadly) still relevant, I decided to release the recording as one of my The Dan York Report audio podcast episodes:
The slides that go with the presentation are available on SlideShare:
You’ll see in the slide deck that I also provide some tutorials around DANE and DNSSEC along the way.
Coincidentally, I learned on Facebook over the weekend that my friend Olle Johansson was speaking on this exact topic at the FOSDEM 2016 conference in Brussels this weekend. His slides about SIP & TLS are also available on SlideShare, and he has more recent information – and also the conclusion that we need to use “SIP Outbound” for any of this to work:
Olle’s last slide about what we need…
-
/
Join Me On VUC Today At Noon US EDT To Talk IPv6, IoT, WebRTC and more…
Continue Reading: Join Me On VUC Today At Noon US EDT To Talk IPv6, IoT, WebRTC and more…Today at 12 noon US Eastern (in about 3.5 hours), I’ll be part of a panel on the VoIP Users Conference (VUC) talking about IPv6, WebRTC, the Internet of Things (IoT) and much, much more… you should be able to watch it live at live.vuc.me or embedded here:
VUC host Randy Resnick had a scheduled guest be unable to attend and so he asked a group of us to come on for what he is calling a “VUC Vision” session. I will be on there, as will, I believe, Tim Panton and a number of others. I expect the discussion should range over good variety of topics. It should be a good time… you’re welcome to join in the discussion.
It’s probably best to also join the IRC backchannel where links are shared, questions are answered and other comments occur. You also can visit the Google+ event page for the VUC session today where there may be additional links and info.
If you won’t be at your computer, you can also call in via:
- sip:200901@login.zipdx.com
- +1 (646) 475-2098
- Skype:vuc.me
The session will of course be recorded so you can listen/watch later.
If you found this post interesting or useful, please consider either:…
-
/
How Do We Define ‘SIP’ For Telecom In 2014?
Continue Reading: How Do We Define ‘SIP’ For Telecom In 2014?“What is a minimum set of specifications that a vendor must implement to be able to say that it is SIP-compliant?”A friend asked me that question and my response was:
It depends.
and even more unfortunately:
I don’t know.
It turns out to be a challenging question to answer… and it led me to ask:
- How do we define what “SIP” is for telecommunications in 2014?
- How do we help vendors move their products/services to be based on SIP?
- As we talk about “turning off the PSTN” and “moving all telecom to IP”, how can we make it easier for companies to switch to using SIP?
The reality is that being “SIP-compliant” does turn out to depend upon where in the larger SIP interconnection ecosystem the vendor is located.
Is the vendor:
- a SIP client, in terms of a “hard” phone, a softphone, or other application that is seeking to connect to a SIP server?
- a SIP server seeking to connect to a SIP “service provider” to have connectivity out to the PSTN and other SIP networks?
- a SIP service provider seeking to interconnect with other SIP service providers and to the PSTN?
- a middlebox such as a firewall…
-
/
SIPNOC 2014 Begins Today In Virginia – I am speaking about TLS and SIP (and DANE)
Continue Reading: SIPNOC 2014 Begins Today In Virginia – I am speaking about TLS and SIP (and DANE)Today I’m back at the Hyatt Dulles in Herndon, Virginia, for the fourth SIP Network Operators Conference (SIPNOC) event. These SIPNOC sessions are great because they bring together the people actually operating the SIP-based networks that make up our telecommunications infrastructure. SIPNOC continues to be THE best place I’ve found to interact with the people actually taking SIP standards and making them happen in the “real world”.
I’ve been to all four SIPNOCs – and I continue to find them outstanding events, not only because of the excellent technical content, but also because of the people.
In many cases, these are the “phone guys” (and gals) who have found their way to IP. The “Bellheads” of the age-old “Bellhead vs Nethead” debate. The “telcos”. The people who have been doing telecom for decades… and are now evolving to IP.
In other cases, the people here are the new contenders. The cable companies are here – and they are strongly challenging the legacy telcos, and they are creating entirely new IP-based infrastructures. The “Internet Telephony Service Providers (ITSPs)” and “SIP Trunking” providers are here, too… companies that are reimagining what telecom can be in an IP space. Newer vendors… newer application…
-
/
Can We Create A “Secure Caller ID” For VoIP? (Join Tomorrow’s STIR BOF To Learn More)
Continue Reading: Can We Create A “Secure Caller ID” For VoIP? (Join Tomorrow’s STIR BOF To Learn More)Can we create a “secure Caller ID” for IP-based communications, a.k.a. voice-over-IP (VoIP)? And specifically for VoIP based on the Session Initiation Protocol (SIP)? Can we create a way to securely identify the origin of a call that can be used to combat robocalling, phishing and telephony denial-of-service (TDOS) attacks?
That is the challenge to be undertaken by the “Secure Telephone Identity Revisited (STIR)” group meeting tomorrow morning, July 30, 2013, at 9:00 am in Berlin, Germany, as part of the 87th meeting of the Internet Engineering Task Force (IETF). The meeting tomorrow is a “Birds Of a Feather (BOF)”, which in IETF language is a meeting to determine whether there is sufficient interest to create a formal “working group” to take on a new body of work within the IETF. The proposed “charter” for this new work begins:
Over the last decade, a growing set of problems have resulted from the lack of security mechanisms for attesting the origins of real-time communications. As with email, the claimed source identity of a SIP request is not verified, and this permits unauthorized use of source identities as part of deceptive and coercive activities, such as robocalling (bulk unsolicited commercial communications),…
-
/
At SIPNOC 2013 This Week Talking About VoIP And IPv6, DNSSEC … and Security, Of Course
Continue Reading: At SIPNOC 2013 This Week Talking About VoIP And IPv6, DNSSEC … and Security, Of CourseOne of the conferences I’ve found most interesting each year is the SIP Network Operators Conference (SIPNOC) produced by the SIP Forum, a nonprofit industry association. Part of my interest is that it is only an educational conference, i.e. there’s no massive exhibit floor or anything… it’s all about education. It also brings together pretty much all the major players in the “IP communications” space – certainly within North America but also from around the world.
I’ll be there this week in Herndon, Virginia, talking about how VoIP can work over IPv6 and how DNSSEC can make VoIP more secure. The sessions I am directly involved with include:
- Panel Discussion: Anatomy of a VoIP DMZ
- VoIP Security BOF
- Panel Discussion: IPv6 and SIP – Myth or Reality?
- Who Are You Really Calling? How DNSSEC Can Help
There are quite a range of other topics on the SIPNOC 2013 agenda, including a number of other talks related to security.
It should be quite a good show and I’m very much looking forward to it. I’m particularly looking forward to my “DNSSEC and VoIP” talk on Thursday as that is a topic I’ve not presented on before… but I think…
-
/
VUC Today: The Jitsi VoIP Softphone – Join The Call To Learn More!
Continue Reading: VUC Today: The Jitsi VoIP Softphone – Join The Call To Learn More!What is new with the Jitsi softphone these days? What new capabilities does it have as it continues to expand its support of SIP, XMPP and other protocols?
I’ve long been a fan and user of Jitsi, in part because it supports IPv6 and is the only VoIP softphone I know of right now that supports DNSSEC, something I’m continuing to experiment with, so I’m looking forward to today’s “VoIP Users Conference (VUC) call at 12 noon US Eastern – about 2.5 hours from now.
You can watch it live via a Google+ Hangout On Air, or call in (potentially using Jitsi!) via:
- sip:200901@login.zipdx.com
- +1 (646) 475-2098
- Skype:vuc.me
There’s also an IRC backchannel where links are shared, questions are answered and other comments occur.
And for those of you using Google+, there is a Google+ Event you can join.
It should be a good show! (And yes, you can watch it / listen to it later…)
If you found this post interesting or useful, please consider either:
-
/
Oracle Buys Acme Packet For $2 Billion To Gain SIP Session Border Controllers (SBCs) And More
Continue Reading: Oracle Buys Acme Packet For $2 Billion To Gain SIP Session Border Controllers (SBCs) And MoreFascinating news today out of Oracle that they have purchased Acme Packet in a transaction estimated to be around $2 billion US. For those of you not really tracking the VoIP security space, Acme Packet is probably the world’s largest vendor of “session border controllers (SBCs)“, devices that are used to securely and reliable interconnect VoIP networks. SBCs also provide a very important role in helping with interoperability of Session Initiation Protocol (SIP) signaling between the SIP products and networks of different vendors.As Andy Abramson writes, the fascinating aspect of this acquisition is this:
This is an interesting grab by one of the tech world’s true giants because it sqaurly puts Oracle into a game where they begin to compete with the giants of telecom, many of whom run Oracle software to drive things including SBC’s, media gateways and firewall technology that’s sold.
This acquisition does put Oracle VERY firmly into the telecom sector at a carrier / large enterprise level, as Acme Packet’s products are widely used within that tier of companies. As the news release notes:
“The company’s solutions are deployed by more than 1,900 service providers and enterprises globally, including 89 of world’s top 100…
-
/
Next SIPit Test Event Feb 18-22 – Deadline of Feb 4 For Registration
Continue Reading: Next SIPit Test Event Feb 18-22 – Deadline of Feb 4 For RegistrationAre you a vendor of SIP-based products and services? Do you have software or hardware (or cloud-based products) that use SIP? If so, are you planning to attend the next SIPit test event planned for February 18-22, 2013, in Raleigh, North Carolina?
The SIPit events are an outstanding place to test your SIP implementations. Where else will you have so many other vendors also testing their equipment? It’s a great place to go, test… and iterate your code even while you are there so that you can test again.
The registration deadline is Feb 4, 2013 for SIPit 30, so you need to act soon if you want to attend.
Olle Johansson posted a great set of slides about why you should go to SIPit: Participate in SIPit from Olle E Johansson
And reaching back to 2009, here’s a video interview I did with Robert Sparks about the SIPit test events:
If you are a vendor of SIP products or services, I would strongly encourage you to consider attending the next SIPit. It’s a great way to make sure your SIP works as best as it can.
If you found this post interesting or useful,…