Speaking of Standards

This past week’s joint announcement(s) by Google and Mozilla about their first ever successful cross-browser WebRTC call is really exciting.

While Chrome and Firefox each now include by default some limited support for WebRTC (and the related getUserMedia() capability), this demo represents the first time that a successful communication between the two browsers has been demonstrated, suggesting that longstanding promises by both of eventual interop are beginning to come to fruition. From conversations I had with experts from both companies at last week’s WebRTC/RTCWEB standards meeting in Boston, the plan is to remain interoperable from this point on, a lofty and crucial goal. Why crucial? Unlike the adoption-impacting interoperability challenges that SIP has faced due to significant numbers of independent hardware implementations, WebRTC promises faster overall interoperation because of the relatively smaller number of browsers that will have to support it.

It’s great that Mozilla and Google have now shown their willingness to make this happen. Microsoft and Apple, are you listening?

Voxeo is proud to announce today that we’re bringing Level 1 PCI-compliance capabilities to multiple data centers in the United States and Europe for hosted applications that are built in line with PCI compliance best practices. Now, for compliant applications on the Voxeo hosted cloud, merchants, banks and callers using automated-self service systems can rest assured that any sensitive credit card or financial information that passes through the Voxeo network will be protected to the highest standards of compliance to the Payment Card Industry Data Security Standard (PCI-DSS). PCI Level 1 certification is the highest certification a merchant or service provider can receive, and can only be received after an independent audit of network architecture, security policies and development procedures. Voxeo established its first PCI-compliant platform in 2008 and first audited Level 1 compliance in 2011, providing a secure cloud environment for European clients.

Subsequently, we fast-tracked a PCI-compliant solution for a secure cloud environment in the US in response to customer demand. A typical implementation might require 6-12 months of remediation, but In reference to the process, Andrew Cannata, the managing director for the independent PCI compliance auditor for Voxeo, spoke highly of Voxeo’s implementation: “Due to the innovative, customer-driven, and highly skilled team that Voxeo employs, they were able to establish a PCI-compliant environment in just over three months. This speaks to the technical expertise and dedication to a secure, PCI compliant, environment.” Voxeo also provides the tools necessary to build PCI compliance into applications. Prophecy and VoiceObjects provide built-in mechanisms that allow clients to isolate and secure credit card data and create applications ready to deploy into our PCI-compliant hosting environment.

For companies, the risks of a data breach are significant. Reputation damage is likely, as account breaches often command national news and reverberate far beyond the compromised accounts. The financial cost can also be severe: according to a 2010 report by Symantec Corporation and the Ponemon Institute, the average organizational cost of a data breach was about $7.2 million, and about $214 per compromised record. With the risk of breaches unlikely to abate, the ability to build and deploy IVR solutions that minimize these risks is critical. For more information, you can visit our website to learn more about bank and financial IVR applications, or for a free, no-obligation trial of Prophecy or VoiceObjects.

Want to learn more about IPv6 in advance of the World IPv6 Launch on June 6th? The #IPv6Questions ”tweetup” today will feature a team of experts with first-hand IPv6 installation experience, who can answer your questions about IPv6 adoption.

• When: 1:00 p.m. EST, Thursday, March 1, 2012
• What: 60-minute live Twitter Q&A
• Who Should attend: Anyone interested in IPv6 adoption and IPv6 World Launch event

Keep up with the action by following the #IPv6Questions hashtag. Questions can be tweeted before the Q&A session and as many as possible will be answered.

There’s a fascinating exchange of views over at Ars Technica on the question of “Should there be a free market for IPv4 addresses?” Or, to put it another way:

Should companies be able to buy and sell their IPv4 address blocks?

If you recall, back in March Microsoft purchased a block of IPv4 addresses from Nortel for $7.5 million, and with the ongoing depletion of IPv4 addresses available from registries, this approach of purchasing IPv4 addresses may become more common.

The two sides of the debate are represented by:

• Timothy Lee: The case for a free market in IPv4 addresses
• Iljitsch van Beijnum: Trading IPv4 addresses will end in tears

Both make for interesting reading.

I definitely agree with Iljitsch that on a technical level, a free market for IPv4 addresses will lead to severe fragmentation of the overall routing tables… and just make a big mess in general. I also agree with Iljitsch that broader adoption of IPv6 would take care of these issues… but as strong an advocate as I am of IPv6, I’m skeptical that companies will move until they are forced to… or until it becomes extremely easy for them to do so.

That said, as I mentioned in our recent webinar about IPv6 and communication applications, I fully expect to see more of these kind of transactions occurring. There are simple economics – for many companies the current cost of transitioning to IPv6 (even just undertaking the planning) outweighs the current cost of purchasing IPv4 address blocks.

Will it evolve into the full-blown free market that Timothy Lee would like to see? I don’t know… I think at some point the cost of IPv4 address blocks will start to escalate to the point where IPv6 transition will suddenly seem like a good deal. So if a free market is to exist, I see it as a temporary situation at best (where “temporary” may admittedly be measured in years)

Regardless, it’s a discussion that needs to be had because this kind of exchange of IPv4 addresses is certainly one way that companies will try to stay on IPv4 for as long as possible.

What do you think? Should there be a free market for IPv4 addresses? Or should that be restricted and not permitted?

For those tracking the the “RTCWEB/WebRTC” initiative the next “virtual interim meeting” for the IETF side of the effort will be held on Thursday, September 8th. From the announcement email:

The RTCWEB working group plans to hold an interim meeting meeting. It will be held on September 8, 2011 at 7:00 A.M. PDT. We’re currently allocating 4 hours for the meeting. Details of participation will follow on the working group mailing list (http://www.ietf.org/mail-archive/web/rtcweb/).

If you are already on the mailing list, you’ll get the announcements and agenda… if not, it’s a good time to join the mailing list!

P.S. And if you don’t know what any of this is about, see my last post.

Would you like to understand what the “RTCWEB/WebRTC” initiative is all about? And how it will enable real-time communications from within web browsers without the use of additional plugins or extensions? (like those in Flash, Quicktime, etc.)

A great place to start would be this Internet-Draft at:

http://tools.ietf.org/html/draft-ietf-rtcweb-overview

As the draft URL indicates, the document truly is an “overview” of the effort:

This document gives an overview and context of a protocol suite intended for use with real-time applications that can be deployed in browsers – “real time communication on the Web”.

It intends to serve as a starting and coordination point to make sure all the parts that are needed to achieve this goal are findable, and that the parts that belong in the Internet protocol suite are fully specified and on the right publication track.

The latest version, released today, includes a reference to the WebRTC specification released yesterday by the W3C.

Definitely worth a read for anyone interested in learning more about this very important industry effort.

As part of the ongoing RTCWEB/WebRTC initiative to enable real-time communications in web browsers without extra plugins or extensions, the W3C working group released its first draft of the API specification. It can be found at:

http://dev.w3.org/2011/webrtc/editor/webrtc.html

As that URL actually points to a version that will change as more edits are made, there is also a URL to a static version of what was released yesterday:

http://dev.w3.org/2011/webrtc/editor/webrtc-20110823.html

Discussion that led to the document happened up at the face-to-face meeting recently in Quebec… and continues on the public-webrtc mailing list, to which anyone can subscribe.

And yes, you’ll notice Voxeon Dan Burnett, our Director of Speech Technologies and point person on industry standards, as one of the co-editors of this document.

The RTCWEB/WebRTC effort is an incredibly important project… and I hope that as many of you as possible can take a look at the draft and contribute feedback on the (very active) mailing list.

Great to see!

If you are a network geek (like me) who likes to understand how networks are put together, there’s a great Internet-Draft out about how IPv6 works in 3GPP mobile networks such as EPS and LTE. The draft is at:

http://tools.ietf.org/html/draft-ietf-v6ops-3gpp-eps

And comes complete with ASCII network diagrams that include clouds!

Seriously, though, this is a well-done document that provides a great amount of insight into how 3GPP networks work in general and how IPv6 is used within the network. Definitely worth a read for anyone interested in IPv6 and/or the evolution of mobile networks.

Here’s the beginning of the introduction to give you the context:

IPv6 has been specified in the 3rd Generation Partnership Project (3GPP) standards since the early architectures developed for R99 General Packet Radio Service (GPRS). However, the support for IPv6 in commercially deployed networks remains low. There are many factors that can be attributed to the lack of IPv6 deployment in 3GPP networks. The most relevant one is essentially the same as the reason for IPv6 not being deployed by other networks as well, i.e. the lack of business and commercial incentives for deployment. 3GPP network architectures have also evolved since 1999 (since R99). The most recent version of the 3GPP architecture, the Evolved Packet System (EPS), which is commonly referred to as SAE, LTE or Release-8, is a packet centric architecture. The number of subscribers and devices that are using the 3GPP networks for Internet connectivity and data services has also increased significantly. With the subscriber growth numbers projected to increase even further and the IPv4 addresses depletion problem looming in the near term, 3GPP operators and vendors have started the process of identifying the scenarios and solutions needed to transition to IPv6.

This document describes the establishment of IP connectivity in 3GPP network architectures, specifically in the context of IP bearers for 3GPP GPRS and for 3GPP EPS. It provides an overview of how IPv6 is supported as per the current set of 3GPP specifications. Some of the issues and concerns with respect to deployment and shortage of private IPv4 addresses within a single network domain are also discussed.

Network World is out today with a report on a survey that they are headlining “Most IT pros say their websites, networks will support IPv6 by 2013“. The survey article and accompanying slide set do indeed have some fantastic numbers including that 65% of the respondents say they’ll have IPv6 running on their internal networks within two years.

As much as I am a huge advocate of IPv6, this survey data just seemed too good to be true… and indeed I have to wonder about the methodology. This sentence in the article is key to me (my emphasis added):

These IT professionals proclaimed strong support for IPv6 deployment in the online survey, which attracted 210 respondents.

How did Network World promote this survey? Was it through a general banner on their websites? Through email blasts or newsletters?

Or was it through links associated with IPv6-related articles? (In which case IPv6 advocates like me might read those articles and then follow the link to the survey.)

Don’t get me wrong… I’d love it if the data were really accurate… but that timeframe seems rather aggressive to me. It feels more like a number that might come out of a population of IPv6 enthusiasts/advocates.

Regardless, it’s good to see IPv6-related surveys out like this… perhaps it will encourage some other sites to run their own surveys. And perhaps this survey might also get some enterprises thinking about IPv6 so as not to be left behind!

Sadly, this XKCD comic can seem all too true sometimes…