Secure IP Fax – Now Standard

Last fall, I blogged about a pending standard for securing facsimile communications over IP networks here and I spoke about this progress at the SIPNOC conference. Since that time, the standard, known as RFC 7345 has been approved by the Internet Engineering Task Force. The availability of a standard is very good news. There’s a common perception that fax isn’t used anymore, but there are a number of business to business (B2B) and consumer applications where fax still is common, including real estate, insurance, health care and legal applications. There are also a number of companies which provide fax by selling equipment, fax enabling technology, software or a hosted service.

So why should people or companies care about securing IP fax? Increasingly, most of our real time communications, whether by voice, fax, text or video, are transported over IP networks. Very often, they will travel over the Internet for a portion of their journey. The Internet is ubiquitous, but fundamentally unsecure unless the application or the transport layers provide security. Security can mean many different things, but is often referring to solutions for needs which include privacy, authentication and data integrity. The new RFC 7345 is designed to support these types of requirements by applying a standard known as Datagram Transport Layer Security (DTLS). One of the key reasons that the Fax over IP RFC uses DTLS is because the T.38 IP fax protocol most typically formats its signals and data using the User Datagram Protocol Transport Layer (UDPTL), unlike most real time media, which use the Real Time Transport protocol (RTP).  DTLS was designed to provide security services with datagram protocols, so it’s a good fit for T.38 IP fax.  The current version of DTLS is 1.2, which is defined in RFC 6347.

Getting a standard approved is really only the beginning. In order to get traction in the marketplace, there needs to be implementations. For example, T.38 was originally approved in 1998 by the International Telecommunications Union, but implementations did not become common until many years later, starting around 2005. In the time since, T.38 has become the most common way to send fax over IP networks and its been adopted by most of the fax eco-system.  On the plus side, a key advocate for the new standard is the Third Generation Partnership Program (3GPP), which is the standards group that drives standardization of services which will run over mobile networks, such as the emerging Long Term Evolution (LTE) network.  The SIP Forum is also continuing work on its SIP Connect interworking agreements and there is potential for including the new standard in a future version of SIPconnect.

I’ll continue to track what’s happening with respect to implementation of the standard.   As I noted in some of my previous posts, the current work on standardizing WebRTC is helping implementors to gain experience in important new standards for security, codecs and Network Address Translation (NAT) traversal. This WebRTC “toolkit” is also available in open source form.  The inclusion of DTLS in RFC 7345 joins the pending RTCWeb standards in providing new applications and use cases for these emerging standards. This will be good news for the user community, as features which were previously available only in proprietary get implemented in variety of products and services.  If you know of any plans in motion or want to learn more, please feel free to comment or get in touch with me.  You can also learn more by checking out my presentation on Securing IP Fax.

Lean Six Sigma – First Take

I just finished a two week course and now possess a certification known as the Lean Six Sigma Green Belt. I’d been running into a few people with Lean Six Sigma backgrounds while networking in the last several months, but didn’t really understand what it was all about until I took this course. I now have a much better appreciation for what I’ve been missing and am amazed by the degree to which this particular cluster of methodologies winds like a river through many different elements of my education and career.  

Lean Six Sigma is a combination of two movements. Lean is an approach to improving processes by analyzing and removing various types of waste. But that’s not all. It can also be used to assess a product or process and determine which elements provide value for customers. I’d been thinking Lean Six Sigma was just a manufacturing thing — a common misconception — but here they were talking about the customer value and the Voice of the Customer. So Lean is relevant to customers and therefore, might also be highly useful for people in marketing and product positions. Okay, so Lean is relevant for product and marketing people like me. What about Six Sigma?  

Six Sigma dates back to the Seventies, when Dr. Mikel Harry of Motorola put together a variety of quality and statistical approaches aimed toward helping organizations greatly improve the quality of their processes. The term Six Sigma derives from the statistical world, where sigma is another word for standard deviation. A six sigma process is highly accurate and produces on average only 3.4 defects per million. At one time, Six Sigma and Lean were separate movements, but organizations soon saw the value in using Six Sigma techniques to improve the quality of their processes and Lean to reduce wastes, eliminate unnecessary process costs and in general, have much more efficient processes.  

It turns out there’s a lot to learn. Green Belts get introduced to the smorgasbord of Lean and Six Sigma techniques, but true mastery of the tools takes more learning and experience — hence the use of the term Black Belt.  The overall Lean Six Sigma philosophy and collection of tools strikes me as being valuable for people in a wide variety of disciplines.  I’ll talk more about how Lean Six Sigma relates to my own background and today’s business needs in my next post.