Hello,
Philip Zimmermann, author of PGP, works on secure VoIP (Voice over IP)
and is starting to make some noise about his zPhone (temporary name):
http://www.philzimmermann.com/EN/zfone/
http://www.voip-magazine.com/content/view/1674
No much precise information right now, however :
- it should be OpenSource (but Free Software???) ;
- it uses an new approach (to my knowledge) to authentication and
confidentiality:
1. generate a session key with Diffie Hellman protocol,
2. generate a fingerprint that users see on their screen and that
they can check by voice over the phone,
3. this fingerprint is reused from one session to the other one
between 2 people, so that confidentiality and authentication from
session 1 to n is guaranteed by checking the fingerprint at session n;
- no key server, neither centralised (PKI) or distributed (Web of Trust);
- works within RTP protocol (UDP voice data stream) and an IETF draft
is prepared.
I find this approach very interesting, especially regarding end user
aspects (no key to generate, very simple, should work with NATs,
etc.).
Of course, one should know more details (patents?) to make one precise
idea of it.
Best wishes,
d.
___
Demexp-dev mailing list
Demexp-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/demexp-dev
