Hello, Philip Zimmermann, author of PGP, works on secure VoIP (Voice over IP) and is starting to make some noise about his zPhone (temporary name): http://www.philzimmermann.com/EN/zfone/ http://www.voip-magazine.com/content/view/1674
No much precise information right now, however : - it should be "OpenSource" (but Free Software???) ; - it uses an new approach (to my knowledge) to authentication and confidentiality: 1. generate a session key with Diffie Hellman protocol, 2. generate a fingerprint that users see on their screen and that they can check by voice over the phone, 3. this fingerprint is reused from one session to the other one between 2 people, so that confidentiality and authentication from session 1 to n is guaranteed by checking the fingerprint at session n; - no key server, neither centralised (PKI) or distributed (Web of Trust); - works within RTP protocol (UDP voice data stream) and an IETF draft is prepared. I find this approach very interesting, especially regarding end user aspects (no key to generate, very simple, should work with NATs, etc.). Of course, one should know more details (patents?) to make one precise idea of it. Best wishes, d. _______________________________________________ Demexp-dev mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/demexp-dev
