Philip Zimmermann, creator of PGP, has announced the first official release of Zfone—a system for encrypting any SIP VoIP voice stream. Below is Philip’s introduction on Zfone as posted on his website:
“I’ve just released Zfone, a new product that takes a new approach to make a secure telephone for the Internet.
I think it’s better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another Zfone client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors.”
See further discussions on Zfone release over at Slashdot.
Ah yes. It will be interesting to see what happens when strongly encrypted voice hits wide-open interception. Back to traffic analysis, I suppose.