VoIP Security Interview with Rohan Mahy
Open Standards VoIP Security – On the Fast Track
I had the opportunity to speak with Rohan Mahy yesterday and we had some great conversation about existing and new VoIP Security specifications proposed by the IETF. We talked about TLS, SRTP, S/MIME and some newer specifications which are looking very strong and from what I heard from Rohan these standards will all but solve the VoIP identity, eavesdropping and spoofing issues.
According to Rohan, some firms already using this technology include Cisco, Xten, Snom, Nokia, and NTT Labs.
Download the VoIP Security Interview
MP3 | 3.5MB | 18Mins
Some questions answered:
– What VoIP security standards are available to vendors and developers today?
– What new specifications are coming down the pipe?
– How does this technology compare to PGP VoIP from Zimmerman?
– What is the outbound originated requests draft?
Download Rohan’s description of TLS, SRTP, S/MIME and the new Certificate Management Service for SIP
MP3 | 1.25MB | 7.25Mins
Some questions answered:
– What is TLS, SRTP & S/MIME?
– What is the new Subscribe Notify specification using certificates?
I also asked Rohan what he thought of P2P SIP:
– What part do you think P2P SIP will play in this?
– What do you think of Skype and their recent valuation?
Download Rohan’s Comments on P2P SIP and Skype
MP3 | 1.5MB | 9Mins
Rohan talks about traditional SIP mirrored network services as an alternative to pure P2P SIP and provided some interesting comments on Skype including the fact that Skype is using SIP on the PSTN Gateway they connect to for Skype-in and Skype-out. Which means that Skype has had to build and now maintain transcoding and protocol translation gateways.
Rohan Mahy is a senior consultant on SIP, VoIP, and Network Address Translation. Previously, Rohan was Chief Voice Architect at Airespace, working on integration of location and real-time services into the Airespace wireless LAN system, and assisting partners with implementation of voice over wireless LANs. Prior to Airespace, Rohan worked for Cisco Systems for eleven years, most recently as a Network Architect in the Voice Technology Group, where Rohan led initiatives in voice security, configuration and administration, distributed call control, and NAT and firewall traversal.
Rohan is a well known leader within the VoIP industry, including regular speaking engagements and heavy involvement in the IETF, where he is co-chair of both the SIP and SIPPING working groups. Rohan is also co-chair of the recently formed SIP Forum Technical working group, and active in the design of the reSIProcate open-source SIP stack.
SIP WG
http://www.ietf.org/html.charters/sip-charter.html
SIP WG supplemental website
http://www.softarmor.com/sipwg/
SIPPING WG
http://www.ietf.org/html.charters/sipping-charter.html
SIPPING WG supplemental website
http://www.softarmor.com/sipping/
TLS
http://www.rfc-editor.org/rfc/rfc2246.txt
S/MIME
http://www.rfc-editor.org/rfc/rfc3851.txt
SRTP
http://www.rfc-editor.org/rfc/rfc3711.txt
SIP Identity
http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-05.txt
Outbound-oriented Connections
http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-00.txt
SIP Certificate Management
http://www.ietf.org/internet-drafts/draft-ietf-sipping-certs-02.txt
WebRTC.is 
P2P, SIP and Security
For the past couple of days, Erik has posted discussions on SIP based P2P and security issues. These discussions are in audio format and are really interviews with Cullen Jennings, Rohan Mahy and Eriks interview to Voxilla. The following is…