[ale] [Fwd: Re: [VOIPSEC] Phil Zimmerman to release VoIP Encryption Software(c.March)]

Geoffrey esoteric at 3times25.net
Fri Feb 3 10:26:03 EST 2006 

More on Phil's voip work:

Tom and Christian,

Phil and I are finalizing an Internet Draft for ZRTP which will be
submitted to the IETF later this month, so the protocol will not be
proprietary.

As for it being too late, its true that SRTP was published in 2004 -
however, it is completely useless unless both parties can negotiate a
secret (master SRTP key and salt).  Currently, there are lots of
proprietary methods and a number of incompatible standard methods to do
this.  There is also no good way to be able to offer SRTP but fall back
to RTP.

ZRTP extends SRTP to make it a usable standalone protocol, and solves
all these problems in a scalable, server-less way that does not rely on
any PKI infrastructure or trust of any intermediate servers.

I hope everyone will wait for the draft and then make up their mind.

Thanks,
Alan Johnston

Tom Harney wrote:

>I apologize Christopher, I misunderstood your question.  Thanks for
>clarifying.  And I think you're correct to assume it won't be making
>its way through IETF anytime soon.  I wonder if his protocol could be
>encapsulated within an existing protocol for compatibility?  I'm an
>amateur, so I'm still learning about these protocols.
>
>Tom
>
>On 2/3/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
>  
>
>>Tom, open source does not mean it is not proprietary.
>>
>>Zfone uses "ZRTP", which is currently his own proprietary protocol. I
>>appreciate Phil's work, it is surely a masterpiece. But it is too late!
>>The rest of this planet has agreed in the meantime on SRTP and TLS. Phil
>>should have contributed to RFC3261 (sips, tls transport layer) and
>>RFC3711 (SRTP). RFC3261 was published in June 2002, and SRTP was
>>published in March 2004. If Phil introduces it in March to the IETF, I
>>do not assume it will become an RFC too soon.
>>
>>CS
>>
>>    
>>
>>>-----Original Message-----
>>>From: Voipsec-bounces at voipsa.org
>>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tom Harney
>>>Sent: Thursday, February 02, 2006 11:31 PM
>>>To: Christian Stredicke
>>>Cc: voipsec at voipsa.org
>>>Subject: Re: [VOIPSEC] Phil Zimmerman to release VoIP
>>>Encryption Software(c.March)
>>>
>>>Christian,
>>>
>>>If you listen to the podcast on
>>>http://www.blueboxpodcast.com/2006/01/blue_box_etel20.html
>>>Phil, in his final comments, indicates that he will be
>>>licensing this through an open source license.  I'm assuming
>>>GPL?  or LGPL maybe?
>>>
>>>Cheers,
>>>Tom
>>>
>>>On 2/2/06, Christian Stredicke <Christian.Stredicke at snom.de> wrote:
>>>      
>>>
>>>>Is it proprietary? Has it been tested against other sip and srtp
>>>>implementations?
>>>>
>>>>Sorry, those might be stupid questions!
>>>>
>>>>CS
>>>>
>>>>        
>>>>
>>>>>-----Original Message-----
>>>>>From: Voipsec-bounces at voipsa.org
>>>>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Candace Holman
>>>>>Sent: Thursday, February 02, 2006 7:16 PM
>>>>>To: voipsec at voipsa.org
>>>>>Subject: [VOIPSEC] Phil Zimmerman to release VoIP Encryption
>>>>>Software (c.March)
>>>>>
>>>>>    Here's an article describing Zimmerman's zFone
>>>>>          
>>>>>
>>>plugin.  Are any of
>>>      
>>>
>>>>>    you softphone vendors planning to leap on this in March?  It's
>>>>>    pretty good (no pun intended).
>>>>>
>>>>>    Quick summary:
>>>>>
>>>>>        * plugin works with the client IP stack
>>>>>        * no centrally managed key handling
>>>>>        * users confirm via voice the 'keys' they read on their
>>>>>screens,
>>>>>          esp for critical calls
>>>>>
>>>>>    http://www.voip-magazine.com/content/view/1674
>>>>>
>>>>>    Candace Holman
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Voipsec mailing list
>>>>>Voipsec at voipsa.org
>>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>Voipsec mailing list
>>>>Voipsec at voipsa.org
>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>Voipsec mailing list
>>>Voipsec at voipsa.org
>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>
>>>
>>>
>>>      
>>>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>  
>


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


-- 
Until later, Geoffrey

More information about the Ale mailing list