[VOIPSEC] Phil Zimmerman to release VoIP Encryption Software(c.March)

Christian Stredicke Christian.Stredicke at snom.de
Fri Feb 3 09:31:17 CST 2006 

Sounds like another reason to go to the IETF meeting in Dallas!

CS 

> -----Original Message-----
> From: Alan Johnston [mailto:ajohnston at tello.com] 
> Sent: Friday, February 03, 2006 4:01 PM
> To: Tom Harney
> Cc: Christian Stredicke; voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Phil Zimmerman to release VoIP 
> Encryption Software(c.March)
> 
> Tom and Christian,
> 
> Phil and I are finalizing an Internet Draft for ZRTP which 
> will be submitted to the IETF later this month, so the 
> protocol will not be proprietary.
> 
> As for it being too late, its true that SRTP was published in 
> 2004 - however, it is completely useless unless both parties 
> can negotiate a secret (master SRTP key and salt).  
> Currently, there are lots of proprietary methods and a number 
> of incompatible standard methods to do this.  There is also 
> no good way to be able to offer SRTP but fall back to RTP.
> 
> ZRTP extends SRTP to make it a usable standalone protocol, 
> and solves all these problems in a scalable, server-less way 
> that does not rely on any PKI infrastructure or trust of any 
> intermediate servers.
> 
> I hope everyone will wait for the draft and then make up their mind.
> 
> Thanks,
> Alan Johnston
> 
> Tom Harney wrote:
> 
> >I apologize Christopher, I misunderstood your question.  Thanks for 
> >clarifying.  And I think you're correct to assume it won't be making 
> >its way through IETF anytime soon.  I wonder if his protocol 
> could be 
> >encapsulated within an existing protocol for compatibility?  I'm an 
> >amateur, so I'm still learning about these protocols.
> >
> >Tom
> >
> >On 2/3/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
> >  
> >
> >>Tom, open source does not mean it is not proprietary.
> >>
> >>Zfone uses "ZRTP", which is currently his own proprietary 
> protocol. I 
> >>appreciate Phil's work, it is surely a masterpiece. But it 
> is too late!
> >>The rest of this planet has agreed in the meantime on SRTP and TLS. 
> >>Phil should have contributed to RFC3261 (sips, tls transport layer) 
> >>and
> >>RFC3711 (SRTP). RFC3261 was published in June 2002, and SRTP was 
> >>published in March 2004. If Phil introduces it in March to 
> the IETF, I 
> >>do not assume it will become an RFC too soon.
> >>
> >>CS
> >>
> >>    
> >>
> >>>-----Original Message-----
> >>>From: Voipsec-bounces at voipsa.org
> >>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tom Harney
> >>>Sent: Thursday, February 02, 2006 11:31 PM
> >>>To: Christian Stredicke
> >>>Cc: voipsec at voipsa.org
> >>>Subject: Re: [VOIPSEC] Phil Zimmerman to release VoIP Encryption 
> >>>Software(c.March)
> >>>
> >>>Christian,
> >>>
> >>>If you listen to the podcast on
> >>>http://www.blueboxpodcast.com/2006/01/blue_box_etel20.html
> >>>Phil, in his final comments, indicates that he will be 
> licensing this 
> >>>through an open source license.  I'm assuming GPL?  or LGPL maybe?
> >>>
> >>>Cheers,
> >>>Tom
> >>>
> >>>On 2/2/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
> >>>      
> >>>
> >>>>Is it proprietary? Has it been tested against other sip and srtp 
> >>>>implementations?
> >>>>
> >>>>Sorry, those might be stupid questions!
> >>>>
> >>>>CS
> >>>>
> >>>>        
> >>>>
> >>>>>-----Original Message-----
> >>>>>From: Voipsec-bounces at voipsa.org
> >>>>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Candace Holman
> >>>>>Sent: Thursday, February 02, 2006 7:16 PM
> >>>>>To: voipsec at voipsa.org
> >>>>>Subject: [VOIPSEC] Phil Zimmerman to release VoIP Encryption 
> >>>>>Software (c.March)
> >>>>>
> >>>>>    Here's an article describing Zimmerman's zFone
> >>>>>          
> >>>>>
> >>>plugin.  Are any of
> >>>      
> >>>
> >>>>>    you softphone vendors planning to leap on this in 
> March?  It's
> >>>>>    pretty good (no pun intended).
> >>>>>
> >>>>>    Quick summary:
> >>>>>
> >>>>>        * plugin works with the client IP stack
> >>>>>        * no centrally managed key handling
> >>>>>        * users confirm via voice the 'keys' they read on their 
> >>>>>screens,
> >>>>>          esp for critical calls
> >>>>>
> >>>>>    http://www.voip-magazine.com/content/view/1674
> >>>>>
> >>>>>    Candace Holman
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>_______________________________________________
> >>>>>Voipsec mailing list
> >>>>>Voipsec at voipsa.org
> >>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >>>>>
> >>>>>
> >>>>>
> >>>>>          
> >>>>>
> >>>>_______________________________________________
> >>>>Voipsec mailing list
> >>>>Voipsec at voipsa.org
> >>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >>>>
> >>>>        
> >>>>
> >>>_______________________________________________
> >>>Voipsec mailing list
> >>>Voipsec at voipsa.org
> >>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >>>
> >>>
> >>>
> >>>      
> >>>
> >
> >_______________________________________________
> >Voipsec mailing list
> >Voipsec at voipsa.org
> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
> >
> >  
> >
> 
> 
> 
>

More information about the Voipsec mailing list