Skip to content
HomeSIP Network Operators Conferences (SIPNOC)SIPNOC 2013PresentationsDay Three (June 12, 2014)2. Who are You Really Calling? How DNSSEC Can Help

2. Who are You Really Calling? How DNSSEC Can Help

[featured_image]
Download
Download is available until [expire_date]
  • Version [version]
  • Download 25
  • File Size 3 MB
  • File Count 1
  • Create Date May 1, 2013
  • Last Updated May 1, 2013

2. Who are You Really Calling? How DNSSEC Can Help

Presented by Dan York, ISOC.

When Alice calls Bob, how does she know that she is really communicating with Bob's SIP server? Sure, her software grabs a SRV record for Bob's server from DNS, but how does Alice's systems know whether that is the *correct* DNS record for Bob's server? What if an attacker were able to inject DNS records that redirect Alice's call to another system? What if there were a way that the SIP endpoints could be certain about the address of the other system they want to call?

In this talk, Dan York will explain how DNS Security Extensions (DNSSEC) works and how it can apply to SIP communications. He will demonstrate one of the existing implementations in the Jitsi softphone and outline how the system can work. He will also dive into a new protocol, DANE, that allows SSL/TLS certificates to be stored in DNS and explore how this could potentially be used for the security of SIP endpoints.