Sounds like an anonymous Diffie-Hellman session key, wrapped in marketing bullshit. Usable, but susceptible to MITM.Unless I am reading this wrong, it is much, much worse than that - it seems to say that, unless you are running your own server (which requires a DNS entry and server rights, etc), the session key is being generated at the central server and *issued* to the two parties - with all the third party compromise, LEAK order problems and sheer poor design issues that implies.
SIP *has* a crypto negotiation field in the protocol - why aren't they using that, instead of "rolling their own"?
