Archive for the ‘computing’ Category

Secure VoIP demonstration at Interop

Wednesday, May 16th, 2007

Last month, the Administrative Office of the United States Courts released the 2006 wiretap report (main report in PDF format). There are two extremely interesting points.

First, the third paragraph of the introductory page, which reads:

Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. In 2006, no instances were reported of encryption encountered during any federal or state wiretap.

(Steve Bellovin, via Eric Rescorla.)

Second, on page 11 of the PDF (under the section “Summary and Analysis of Reports by Prosecuting Officials”), we learn that the federal government doesn’t encounter computers all that often:

The electronic wiretap, which includes devices such as digital display pagers, voice pagers, fax machines, and transmissions via computer such as electronic mail accounted for less than 1 percent (13 cases) of intercepts installed in 2006; 6 of these involved electronic pagers, and 7 involved computers.

For comparative purposes, the report notes that 1,839 wiretaps concluded in 2006.

Most voice communications are not encrypted. The exception is mobile telephones, which are encrypted only on the radio link. (Mobile phone wiretaps, however, generally take place at the switching office, where the voice traffic is not encrypted.) The lack of encryption certainly extends to most VoIP calls today, and it is a reason often cited for the lack of use of SIP-based services on corporate networks. Most VoIP data is transmitted using the Real-time Transport Protocol (RTP), which does not encrypt payload data. The Secure Real-time Transport Protocol (SRTP) offers a potential solution, and implementations are now available.
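As an added illustration (not part of the original post), the Python sketch below parses the RTP header defined in RFC 3550 and returns the payload bytes exactly as they travel on the wire, which is the exposure described above. The sample packet, its field values and the names `parse_rtp`, `SAMPLE_PAYLOAD` and `SAMPLE_PACKET` are constructed for this example.

```python
import struct

def parse_rtp(packet: bytes) -> dict:
    """Parse an RTP packet per RFC 3550; return header fields and the raw payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)          # skip the CSRC identifiers (CC field)
    if b0 & 0x10:                          # X bit: one header extension follows
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words        # 4-byte extension header + 32-bit words
    end = len(packet)
    if offset > end:
        raise ValueError("header runs past end of packet")
    if b0 & 0x20:                          # P bit: last octet counts padding octets
        pad = packet[-1]
        if pad == 0 or pad > end - offset:
            raise ValueError("invalid padding length")
        end -= pad
    return {
        "payload_type": b1 & 0x7F,
        "marker": bool(b1 & 0x80),
        "sequence": seq,
        "timestamp": ts,
        "ssrc": ssrc,
        # Plain RTP: these bytes are the codec output, readable by anyone on the path.
        "payload": packet[offset:end],
    }

# Constructed sample: version 2, payload type 0 (PCMU), no CSRC, extension or padding.
SAMPLE_PAYLOAD = b"constructed G.711 audio bytes"
SAMPLE_PACKET = struct.pack("!BBHII", 0x80, 0x00, 1, 160, 0x1234ABCD) + SAMPLE_PAYLOAD

if __name__ == "__main__":
    fields = parse_rtp(SAMPLE_PACKET)
    print(fields["payload_type"], fields["sequence"], fields["payload"])
```

SRTP (RFC 3711) leaves this header readable but encrypts the payload and appends an authentication tag, so the same parser run on an SRTP packet would return ciphertext rather than audio.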

After that very long introduction, I’d like to point out that the Interop Labs next week will have an interoperability demonstration featuring SRTP. It’s open to the public, so if you happen to be on the show floor, stop on by!

As a completely shameless plug, you can also see the Open1X supplicant in the iLabs, which is now supported by the newly-formed OpenSEA Alliance.

OpenSEA launches!

Monday, May 14th, 2007

Today, the OpenSEA Alliance launched, with the objective of developing a cross-platform open source 802.1X supplicant. I was fortunate enough to be part of the initial group, both as an individual and representing one of the founding companies.

Any time you get multiple companies together, it can be challenging coming to consensus. We were helped immensely by Cliff Schmidt from the Apache foundation, and were lucky to be able to draw extensively on his expertise.

One of the few thorny issues that was outside of Cliff’s immediate expertise in law was deciding on a name. Naturally, he helped the group select a name that was not already in use and could be legally protected, but we still had to come up with a name within those broad criteria. “OpenSEA” was my suggestion, originally proposed to come up with a middle ground between a name that was specifically tied to 802.1X and a more general name. Officially, “SEA” stands for “Secure Edge Access,” but unofficially, we’re using the “open sea” phrase to indicate that changes at the network edge will have profound effects on the way networks are built and managed. As a fun point, we get the ability to give nautical-themed code names to our projects.

Starting the organization was quite educational, and I’m glad I participated. In addition to getting agreement on how to structure the organization, there’s a lot of start-up work to do to incorporate, get a bank account, and so on. At our first meeting last week, I was elected to the board of directors for a two-year term, ending in 2009. I’m concurrently serving a one-year term as corporate secretary.

So, the easy work is done, and the organization is running. The challenge now is to make it successful. Right now, the group depends on volunteer labor. As part of the process of starting OpenSEA, I learned from a colleague that the Wi-Fi Alliance started in much the same way, but it has now become successful enough that it has a professional staff. While OpenSEA probably will not be as well-known as Wi-Fi, it can certainly become successful enough to outgrow volunteers.

Tales from the Useless Error Message Bucket: “It’s a driver”

Thursday, May 3rd, 2007

On the train tonight, I had a suspicious blue screen. The reason I found it suspicious is that I received the blue screen and STOP error from Windows as I was using my EDGE phone. About a third of a second after the blue screen, there was a soft beep from the phone letting me know that a caller had left voice mail. I find it hard to believe that these two events were unrelated given that they occurred so close together.

When Windows came back up, the crash diagnostic tool dutifully told me that the error message I had seen was caused by a device driver. Here’s what it told me:

Follow these steps to solve the problem with a device driver

You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a “stop error.” A stop error requires you to restart your computer.

If I had an idea of which driver had caused the system to stop, then maybe I could do something about it. The only further advice was to think about new drivers or software I might have installed. Too bad there aren’t any, and I have to chalk this crash up to the bogon capture cross-section of the laptop.