Secure IP Fax – Now Standard

Last fall, I blogged about a pending standard for securing facsimile communications over IP networks here and I spoke about this progress at the SIPNOC conference. Since that time, the standard, known as RFC 7345 has been approved by the Internet Engineering Task Force. The availability of a standard is very good news. There’s a common perception that fax isn’t used anymore, but there are a number of business to business (B2B) and consumer applications where fax still is common, including real estate, insurance, health care and legal applications. There are also a number of companies which provide fax by selling equipment, fax enabling technology, software or a hosted service.

So why should people or companies care about securing IP fax? Increasingly, most of our real time communications, whether by voice, fax, text or video, are transported over IP networks. Very often, they will travel over the Internet for a portion of their journey. The Internet is ubiquitous, but fundamentally unsecure unless the application or the transport layers provide security. Security can mean many different things, but is often referring to solutions for needs which include privacy, authentication and data integrity. The new RFC 7345 is designed to support these types of requirements by applying a standard known as Datagram Transport Layer Security (DTLS). One of the key reasons that the Fax over IP RFC uses DTLS is because the T.38 IP fax protocol most typically formats its signals and data using the User Datagram Protocol Transport Layer (UDPTL), unlike most real time media, which use the Real Time Transport protocol (RTP).  DTLS was designed to provide security services with datagram protocols, so it’s a good fit for T.38 IP fax.  The current version of DTLS is 1.2, which is defined in RFC 6347.

Getting a standard approved is really only the beginning. In order to get traction in the marketplace, there needs to be implementations. For example, T.38 was originally approved in 1998 by the International Telecommunications Union, but implementations did not become common until many years later, starting around 2005. In the time since, T.38 has become the most common way to send fax over IP networks and its been adopted by most of the fax eco-system.  On the plus side, a key advocate for the new standard is the Third Generation Partnership Program (3GPP), which is the standards group that drives standardization of services which will run over mobile networks, such as the emerging Long Term Evolution (LTE) network.  The SIP Forum is also continuing work on its SIP Connect interworking agreements and there is potential for including the new standard in a future version of SIPconnect.

I’ll continue to track what’s happening with respect to implementation of the standard.   As I noted in some of my previous posts, the current work on standardizing WebRTC is helping implementors to gain experience in important new standards for security, codecs and Network Address Translation (NAT) traversal. This WebRTC “toolkit” is also available in open source form.  The inclusion of DTLS in RFC 7345 joins the pending RTCWeb standards in providing new applications and use cases for these emerging standards. This will be good news for the user community, as features which were previously available only in proprietary get implemented in variety of products and services.  If you know of any plans in motion or want to learn more, please feel free to comment or get in touch with me.  You can also learn more by checking out my presentation on Securing IP Fax.

On the Road Again – SIPNOC 2014

I’ll be speaking next week at the SIPNOC conference in Herndon, Virginia.  SIPNOC is sponsored by the SIP Forum and covers a wide variety of topics related to SIP — the Session Initiation Protocol — with a particular focus on the needs of service providers.   It runs from June 9 – 12.

WebRTC continues to be a hot topic in the telecom industry and I’ll be on a panel with several other participants to discuss the relationship between SIP and WebRTC.   SIP has been the primary protocol for Voice over IP and is widely deployed.  WebRTC is much newer, but offers an interesting mix of audio, video and data capabilities and it can be accessed via popular browsers from Google and Mozilla.  WebRTC also has a rapidly growing eco-system.  Are SIP and WebRTC complementary standards which work well together or going in totally different directions?  Come to the panel and find out!

I am also delivering a presentation on a very exciting development in IP fax communications over SIP.  The presentation is entitled: Securing IP Fax – A New Standard Approach.  It’s been a long time coming, but there will soon be a new security standard for implementors of IP Fax over SIP networks.  In particular, the Internet Engineering Task Force is working on using an existing security standard known as DTLS and adding this as a security layer for T.38 fax.    I’ll be talking about the pending standard, why it’s needed and what kind of benefits can be expected for the many users of T.38 IP fax once the new standard is deployed.

I’ve attended SIPNOC as a speaker since its beginning four years ago.  It’s an excellent conference and offers an in-depth perspective on the latest news in SIP as delivered by an all star cast of speakers.  I hope you’ll be able to join us.