Archive for category SIP

First Look at the Blackphone

Full disclosure: I am good friends with Phil Zimmermann, co-founder of Silent Circle.  He and I worked together for many years to publish his ZRTP media security protocol as an RFC in the IETF standards body. I also helped him with his Zfone Project.  I’m also friends with Jon Callas, Travis Cross, and others at Silent Circle, who collaborated with Geeksphone to produce the Blackphone.


Blackphone Logo

 

 

After tclueconhe Blackphone was announced back in February in Barcelona, I ordered one as soon as they started taking orders, and have pretty much just been killing time ever since then.  I even had a false alarm delivery the other week when I was at the IETF conference inToronto.  Another package with an address that had “Black” in it arrived, and I jumped to the conclusion that it was my Blackphone.  Instead, my Blackphone arrived the day I was in Chicago at ClueCon, on a Security Round Table panel with Phil and Travis.

Blackphone BoxBlackphone AccsessoriesMy first impressions are quite positive: the packaging is good, the phone is nice to hold in the hand.  If anything, it feels lighter than I expected.  And it is black.  Included accessories are USB cable, charger with US and European plugs, and a headset.

Upon powering it up, you are prompted to create a pin or password, then it prompts you to encrypt the phone, which takes about 10 minutes or so.Blackphone Phone Encryption

I’ve been using Silent Circle for a while now on my iPhone, so I recognized the Silent Phone and Silent Text apps.  Silent Contacts was new to me, as were the other pre-installed security apps.

Blackphone Pre-Installed AppsIt took me a little while to get Silent Phone and Text working.  I had forgotten that I had to look up the Product Keys to get the Silent Circle Ronin code to activate the service and create my account.  The Silent Circle apps are similar to those on my iPhone although the user interface is inscrutable.  Why does it show one grey dot when I’m calling then switch to three green dots when I’m connected and ZRTP has been authenticated?  What does “Secure to server” mean?  Hopefully this is an easy fix to the UI to make it understandable.

Next, I need to try out SpiderOak and Disconnect.Me.  Also, I haven’t put a SIM in yet.  My friend James Body has given me a fantastic Truphone travel SIM that I really could have used last month during all my travels…

Look for a future post on these topics.  As always, questions & comments most welcome.

Advertisements

, , , ,

1 Comment

The State of SIP

Today, Eric Krapf’s NoJitter published an interview with me “Where Do We Stand With SIP? An Interview with Avaya’s Dr. Alan Johnston”.

I talk about the state of Session Initiation Protocol interoperability, and about some of the recent activities of the SIP Forum to improve things.

One activity is SIPNOC, the SIP Network Operators Conference.  The second SIPNOC will be held this June in Herndon, Virginia.  The Call for Presentations just went out.  Last year’s event was excellent, and I’m really looking forward to this year’s.

The other is the SIPconnectIT interop testing events, planned for later this year.  They will be modeled after the incredibly successful SIPit SIP interoperability test events, but with a focus on SIP trunking and the SIP Forum’s SIPconnect 1.1 Recommendation.

Perhaps see some of you at these events!

, , , , , , , ,

Leave a comment

My Year – 2011

As 2011 draws to a close, I wanted to take a moment to thank everyone who has helped me this year. It has been an amazing year! Here’s a short list of my highlights:

– In January I gave a SIP Tutorial for the FCC staff in DC. It was a great event, and hopefully I will get another chance to do it again in 2012. The FCC has lots of VoIP and SIP work to do with the transition of the PSTN and E911 to all VoIP. Hopefully we can soon end the ridiculous subsidies for rural telephone service and instead use them to subsidized high speed Internet service for rural areas.  My friend Henning Schulzrinne was just appointed Chief Technology Officer, so I know the FCC is in good hands technically.  I also enjoyed giving the SIP Tutorial in Miami, Sydney, and Austin.

– In February I published my first novel, a Techno thriller about a massive attack on the Internet that gives this blog its name – Counting from Zero. Little did I know how much hacking and security stories there would be in 2011. Some have even called 2011 the Year of the Hactivist, which is hard to argue with. Overall, I couldn’t be happier with the response to the book. Thank you do much to anyone who has read, reviewed, tweeted, or blogged about it – I am very grateful. Look for more book news in early 2012…

– In February I also started blogging and using Twitter. It has been a lot of fun! Thanks to everyone who has read my blog posts or followed me on Twitter.

– In March I participated in my first robotics competition. The experience was amazing, and I look forward to the start of another build season in just over a week!

– In April, the ZRTP VoIP media security protocol was published as an RFC by the IETF, after 6 years of hard work.  Editing this document is my small contribution to making the Internet more secure.  Here’s to more adoption and deployment in 2012.

– In May the RTCWEB Working Group was chartered by the IETF. The work is progressing slowly but steadily. I expect more progress in 2012, and hope for some strong security to be built into the protocols – lets show that we have learned something over the years…

– In June, I participated in the first ever SIP Network Operators Conference or SIPNOC for short. It was a great success and really shows how SIP has grown up. I am privaleged to have another term on the Board of Directors of the SIP Forum. With the publication of SIPconnect the SIP Trunking recommendation, the business use of SIP continues to grow and expand.

– In November, I has my first experience as a cricket coach. My son started the Priory Amateur Cricket Association or PACA as a club at his school. It has been a blast so far helping the boys learn the basics of cricket. They have done a great job, although we need to reduce the number of no balls! In 2012 we plan to play a one day match against a local cricket club.

So, here’s to 2011 – it was definitely an interesting year!  I hope it was a good one for you and yours.  Here’s to 2012!

, , , , , ,

Leave a comment

Websockets and SIP

Yesterday, RFC 6455 The Websocket Protocol was published by the IETF. This is the latest standard in the efforts to enable more applications to run in the web browser. This protocol, when supported in a browser and webserver allows the two to open additional TCP connections between them, besides the one they are using for the web session to send HTML, JavaScript, etc to the browser.

One area of application is WebRTC, the work to enable real-time communications services in web pages. One approach that has been discussed in both the IETF and W3C is to use Websockets to open a new connection between the browser and web server, and run a signaling, presence, or instant messaging protocol over it. For example, it had been proposed to run SIP, Session Initiation Protocol, this way.

A few months ago I blogged about WebRTC and SIP, and argued that SIP should not be standardized by WebRTC, as had been proposed back then. I still believe this is correct, and recent work in the IETF has centered around instead standardizing some kind of offer/answer media negotiating protocol, but leave the choice of signaling protocol open.

Recently a new Internet Draft was submitted on a Websocket transport for Session Initiation Protocol. I think this is a potentially useful approach and could be a good way to utilize SIP in conjunction with WebRTC. The draft is still in it’s early days, and has not yet been adopted by the SIPCORE Working Group yet, but I think it is a great start. SIP developers who are interested in the WebRTC effort should read this draft and support this work.

In the meantime, it is great to see WebSocket finally published as an RFC, something I hope to see happen to a few of my Internet Drafts in the new year!

 

If you are interested in WebRTC, you might like my new book “WebRTC: PIs and RTCWEB Protocols of the HTML5 Real-Time Web”

WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web Book Cover

 

, , , , , , ,

5 Comments

Explaining Security

I spent all last week in Austin, Texas at the Internet Telephony Expo, ITEXPO conference.  In addition to giving the SIP and RTCWEB Tutorial and having a board meeting of the SIP Forum, I moderated a security panel at the 4th Generation Wireless Evolution 4GWE conference.  It was a great panel, with Patricia Steadman, CEO of Telesecret,a company founded by Phil Zimmermann to commercialize the ZRTP media security protocol, and a good friend and former colleague from Avaya, Andy Zmolek from LG Electronics.

As I enjoyed the cool and damp weather back in St. Louis (the opposite end of the weather spectrum from last week!), I was elated to discover that my novel “Counting from Zero” was ranked #12 on Amazon’s Computer Network Security sales list! (Of course, this ranking changes minute-by-minute, so it might very well be ranked a bit lower when you read this.)  I mark this as yet another milestone with this book, my first attempt at fiction.  To have it doing so well in a ranking filled with security text books is very exciting!

I was also thrilled to see two other books I greatly admire ranked just above me at #7 and #9:  The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick and William Simon:  I use both these books as references in my book.  I was thinking of Kevin all last week during my travels as I finished reading his newly released memoir Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker.  It was an amazing read, and I highly recommend it.  Maybe I’ll post a full review here one day soon.

My original goal with “Counting from Zero” was to teach the fundamentals of computer and Internet security, but to do it in a non-traditional way.  I had written one other book on security, “Understanding Voice over IP Security”.  Its sales have not been great, compared to some of my other SIP and VoIP books.  One reason is perhaps that security books tend to be dry, and a little theoretical, not well-connected with real life.  In “Counting from Zero” I tried to invent a plot that would not only teach security, but help motivate it.  I set out to create a character, Mick O’Malley, who would initially seem over-the-top in his security, but have the subsequent action and events make him seem more normal, and the rest of us who barely give security a thought the strange ones.

I have greatly enjoyed the reviews of the book, and those complementing my characters, writing, plot, etc.  But I enjoy hearing the most that a reader learned something from the book.

If you have an interest in Internet or computer network security, my book will help explain some basic concepts and help motivate the topic.  If you have ready my book (thank you!) and learned something useful from it (fantastic!), I’d love to hear from you…

, , , , , , , , ,

Leave a comment

SIP and the Browser: RTCWEB and HTML5

There’s a lot of discussion these days about an effort known as RTCWEB – Real-Time Communications in Web browsers.  It is part of the HTML5 effort to build base voice and video communication capabilities directly into web browsers.  What does this mean?  HTML allows a web site or developer to easily display an image or stream a video, simply by including a standard HTML tag in their web code.  The RTCWEB extensions will similarly allow Skype-like voice and video communication, simply by adding a few HTML5 tags and some Javascript or Java code.  There are websites offering this today, but you first have to download a browser plugin before you can use it.  The developer has to write plugins for each platform and browser they want to support.  As a result, few offer this today – GoogleTalk and Google+ Hangouts are an exception to this.  For this effort to be successful, there must be standards, and two Internet standards bodies are working together closely:  the IETF (Internet Engineering Task Force) and the W3C (World Wide Web Consortium).  I have been active in the IETF’s RTCWEB Working Group, and colleagues of mine have also been involved in the W3C WEBRTC Working Group.

So how does this fit with SIP, which I’ve spent much of the last 10+ years working on?  SIP or Session Initiation Protocol is the IETF protocol for establishing voice and video sessions over the Internet.  SIP is used all over the Internet today, and in private networks.  It is used by service providers for VoIP (Voice over IP) networks, and it is used by enterprises for their internal PBX (Private Branch Exchange) networks.  It is also in a number of applications and services including Skype In and Out and even Apple’s Facetime (kind of).

Does this mean SIP in the browser?  This is an open question today being debated.  Although I have written drafts on the topic, I am no longer so sure this the right approach.  The alternative approach, that says that we don’t need to standardize the protocol between the browser and the web server – just use some downloaded Javascript or Java.  But this doesn’t mean SIP will go away – rather, SIP will continue to be used to connect networks and elements, and this will include new RTCWEB websites that communicate with each other and service providers.

This topic will continue to be discussed in the standards bodies, and also in next month’s ITEXP Internet Telephony Expo.  I’m excited to be giving an all-day SIP Tutorial with Henry Sinnreich in which we will introduce and teach SIP and also the principles behind the RTCWEB effort and how SIP and RTCWEB relate.  You can find out more about the tutorial and register using this link.

One of the other hot topics of RTCWEB is security, and I have written and spoken out about the need for privacy – protection against eavesdropping on voice and video communication.  A media security protocol such as ZRTP would be an excellent choice, but there are other options.  Unfortunately, there is a contingent that wants to permit unencrypted voice and video media from the browser.  But that is a topic for another day…

Hope to see some of you in Austin, Texas at the SIP Tutorial on September 15. 2011!

3 Comments