iptel.org - TLS, SSL, FCP

Standard ser.cfg

Wed, 17 Oct 2007 08:44:53 +0200

#
# $Id: seri.cfg,v 1.42 2007/05/30 12:28:17 tirpi Exp $
#

# First start SERi sample config script with:
#   database, accounting, authentication, multi-domain support
#   PSTNi GW section, named flags, named routes, global-,
#   domain- and user-preferences with AVPs
# Several of these features are only here for demonstration purpose
# what can be achieved with the SER config script language.
#
# If you look for a simpler version with a lot less dependencies
# please refer to the ser-basic.cfg file in your SER distribution.

Certificate Authority

Thu, 31 Aug 2006 13:36:03 +0200

This site runs its own certificate authority for the purpose of client and server authentication using TLS/SSL. At the moment certificates generated by the certificate authority are used to secure the web server (most pages on the web server are also available through HTTPS), in the future we will also configure our SIP servers to use TLS and issue client certificates that can be used in SIP user agents.

How to apply for a certificate

The instructions below should work on Linux (or any POSIX compatible system) with OpenSSL installed.

FCP Protocol Specification 16

Wed, 30 Aug 2006 16:37:30 +0200

FCP rough specs + description - v.016 - 2001-01-15 - Nils Ohlmeier , Ulrich Abend

updated by Jiri Kuthan

feedback provided by Jan Janak

priority 2 features are blue colored; they will be implemented in the second stage;

examples are attached

The protocol specification follows the SMTPi/HTTP/SIP request-response, textual, AVP protocol family. Letter capitalization does not matter. Unknown AVPs may be ignored by receivers. Multiple transactionsi may utilize a single transport channel (TCP connection).^MAll FCP-maintained rules are uniquely identified by packet-matching expressions (regardless if their elements are specified explicitly or by a default value).

FCP Protocol Specification 15

Wed, 30 Aug 2006 16:34:40 +0200

FCP rough specs + description - v.015 - 11-28-00 - Nils Ohlmeier , Ulrich Abend

<FCP>::=

<Request>::=

        SET <RequestHeader> <PacketMatching Expression> [<SetOptions>] |
        RELEASE <RequestHeader> <PacketMatching Expression> |
        QUERY <RequestHeader> [<PacketMatching Expression>] |
        QUERYNAT <RequestHeader> IP=<value> PORT=<value>
                   [UPPERPORT=<value>] PROTO=<value> |

draft-kuthan-fcp-02

Wed, 30 Aug 2006 16:15:59 +0200

Internet Engineering Task Force                             Jiri Kuthan
Internet Draft                                                GMD Fokus
draft-kuthan-midcom-framework-00.txt                 Jonathan Rosenberg
November, 2000                                              dynamicsoft
Expires: May 2001


          Middlebox Communication: Framework and Requirements

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering

draft-kuthan-fcp-01

Wed, 30 Aug 2006 15:13:17 +0200

Internet Engineering Task Force                              Jiri Kuthan
Internet Draft                                                 GMD Fokus
draft-kuthan-fcp-01.txt                               Jonathan Rosenberg
June, 2000                                                   dynamicsoft
Expires: December 2000

          Firewall Control Protocol Framework and Requirements

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering

draft-ietf-midcom-framework-00

Wed, 30 Aug 2006 15:04:24 +0200

Network Working Group                                       P. Srisuresh
INTERNET-DRAFT                                          Jasmine Networks
Expires as of August 21, 2001                                  J. Kuthan
                                                               GMD Fokus
                                                            J. Rosenberg
                                                             Dynamicsoft
                                                          February, 2001


                 Middlebox Communication Architecture and framework

FCP IETF47 Presentation

Wed, 30 Aug 2006 14:52:56 +0200

FCP Presentation at IETF47

IETF49 Presentation

Mon, 28 Aug 2006 23:10:52 +0200

Middlebox Communication Framework and Requirements

20/12/00

Start presentation

Middlebox Communication Framework and Requirements
Outline
Background: ALGs
Ultimately Secure Firewall
Static Filtering Policy is not Enough
Application-awareness to Deal with Dynamic Conditions
Suggestion: Decomposition
Missing Piece
A MidCom Network
Summary: We have ...
Conclusions
Information Resources

Author: Jiri Kuthan

Email: kuthan@fokus.gmd.de

Home Page: http://www.fokus.gmd.de/research/cc/glone/employees/jiri.kuthan/private/fcp/

Other information:

FCP Related Links

Mon, 28 Aug 2006 18:01:38 +0200

Standardization efforts
- List of related Internet Drafts
- Aravox FCI (A Tiphon Submission) (Aravox also published a short paper on their firewall control.)
- RFC 2979 on Firewall Requirements
Internet Telephony ALGs
- SIP Linux

Firewall Control Protocol

Mon, 28 Aug 2006 15:38:43 +0200

Short Description

It is hard to impossible for Internet telephony to traverse firwalls and NATs. This inhibits a considerable number of Internet users from using Internet telephony services. Firewall Communication Protocol (FCP) is being designed to attack this problem. It connects signaling servers such as SIP Proxies or H.323 gatekeepers with firewalls, NATs and possibly other intermediate network devices ("middleboxes"). This construct enables to introduce application patchwork dealing with problems caused by firewalls and NATs in a scalable, easy-to-maintain and efficient manner.