[VOIPSEC] Phil Zimmerman to release VoIP Encryption Software(c.March)

Alan Johnston ajohnston at tello.com
Fri Feb 3 08:54:32 CST 2006 

Tom and Christian,

Phil and I are finalizing an Internet Draft for ZRTP which will be 
submitted to the IETF later this month, so the protocol will not be 
proprietary.

As for it being too late, its true that SRTP was published in 2004 - 
however, it is completely useless unless both parties can negotiate a 
secret (master SRTP key and salt).  Currently, there are lots of 
proprietary methods and a number of incompatible standard methods to do 
this.  There is also no good way to be able to offer SRTP but fall back 
to RTP.

ZRTP extends SRTP to make it a usable standalone protocol, and solves 
all these problems in a scalable, server-less way that does not rely on 
any PKI infrastructure or trust of any intermediate servers.

I hope everyone will wait for the draft and then make up their mind.

Thanks,
Alan Johnston

Tom Harney wrote:

>I apologize Christopher, I misunderstood your question.  Thanks for
>clarifying.  And I think you're correct to assume it won't be making
>its way through IETF anytime soon.  I wonder if his protocol could be
>encapsulated within an existing protocol for compatibility?  I'm an
>amateur, so I'm still learning about these protocols.
>
>Tom
>
>On 2/3/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
>  
>
>>Tom, open source does not mean it is not proprietary.
>>
>>Zfone uses "ZRTP", which is currently his own proprietary protocol. I
>>appreciate Phil's work, it is surely a masterpiece. But it is too late!
>>The rest of this planet has agreed in the meantime on SRTP and TLS. Phil
>>should have contributed to RFC3261 (sips, tls transport layer) and
>>RFC3711 (SRTP). RFC3261 was published in June 2002, and SRTP was
>>published in March 2004. If Phil introduces it in March to the IETF, I
>>do not assume it will become an RFC too soon.
>>
>>CS
>>
>>    
>>
>>>-----Original Message-----
>>>From: Voipsec-bounces at voipsa.org
>>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tom Harney
>>>Sent: Thursday, February 02, 2006 11:31 PM
>>>To: Christian Stredicke
>>>Cc: voipsec at voipsa.org
>>>Subject: Re: [VOIPSEC] Phil Zimmerman to release VoIP
>>>Encryption Software(c.March)
>>>
>>>Christian,
>>>
>>>If you listen to the podcast on
>>>http://www.blueboxpodcast.com/2006/01/blue_box_etel20.html
>>>Phil, in his final comments, indicates that he will be
>>>licensing this through an open source license.  I'm assuming
>>>GPL?  or LGPL maybe?
>>>
>>>Cheers,
>>>Tom
>>>
>>>On 2/2/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
>>>      
>>>
>>>>Is it proprietary? Has it been tested against other sip and srtp
>>>>implementations?
>>>>
>>>>Sorry, those might be stupid questions!
>>>>
>>>>CS
>>>>
>>>>        
>>>>
>>>>>-----Original Message-----
>>>>>From: Voipsec-bounces at voipsa.org
>>>>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Candace Holman
>>>>>Sent: Thursday, February 02, 2006 7:16 PM
>>>>>To: voipsec at voipsa.org
>>>>>Subject: [VOIPSEC] Phil Zimmerman to release VoIP Encryption
>>>>>Software (c.March)
>>>>>
>>>>>    Here's an article describing Zimmerman's zFone
>>>>>          
>>>>>
>>>plugin.  Are any of
>>>      
>>>
>>>>>    you softphone vendors planning to leap on this in March?  It's
>>>>>    pretty good (no pun intended).
>>>>>
>>>>>    Quick summary:
>>>>>
>>>>>        * plugin works with the client IP stack
>>>>>        * no centrally managed key handling
>>>>>        * users confirm via voice the 'keys' they read on their
>>>>>screens,
>>>>>          esp for critical calls
>>>>>
>>>>>    http://www.voip-magazine.com/content/view/1674
>>>>>
>>>>>    Candace Holman
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Voipsec mailing list
>>>>>Voipsec at voipsa.org
>>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>Voipsec mailing list
>>>>Voipsec at voipsa.org
>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>Voipsec mailing list
>>>Voipsec at voipsa.org
>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>
>>>
>>>
>>>      
>>>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>  
>

More information about the Voipsec mailing list