[VOIPSEC] About ZRTP (was Governments employing MiTM attacks against SSL)
Pablo Rogina
pablojr at gmail.com
Wed Apr 21 09:35:09 CDT 2010
> I see you mentionned ZRTP on your posting. Can you (or any body else)
compare and contrast ZRTP vs SRTP by measuring their security
> behaviors. Thank you!
As mentioned before, ZRTP is used for key agreement by the *UAC*s (user
agent client) and once the keys are generated, they're used in a SRTP
session.
One main purpose of ZRTP is to avoid the need to establish previously a PKI
(private key infrastructure) in order to get session keys for later use in
SRTP. ZRTP is based on Diffie-Hellman key agreement protocol.
That way, two people using softphones that support ZRTP natively (i.e.
QuteCom) or by using other softphones with Zfone (*zfone*project.com)
installed,
you'll have encrypted calls without the need of digital certificates or both
ends having to share keys before placing the call.
Pablo J. Rogina
More information about the Voipsec
mailing list