Phil Zimmerman announced yesterday that he has released “Zfone, a new product that takes a new approach to make a secure telephone for the Internet.”
The source is open and beta versions are available for Mac OS X and Linux, and uses Phil’s new ZRTP:
I think it’s better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another Zfone client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors.
Way to go Phil! We’re all still pulling our hair out over email key management and he announces a PKI-less (server-less!) communication client for voice. This defnitely lowers the bar for adoption of a secure system while increasing trust.