Phillip has released his software for encryptiong VoIP; looks interesting :)
http://www.philzimmermann.com/EN/zfone/index.html | First they ignore you, then they laugh at you, then they fight you, | then you win. -- Mohandas Gandhi On Tue, 31 Jan 2006, Simon P. Ditner wrote: > "Security on VoIP". Phillip Zimmerman, the author of PGP (software for > encrypting and signing documents and emails) spoke on his > soon-to-be-released VoIP encryption software. It works independently > of SIP by encrypting RTP streams end to end. The part I found > particularly clever was his technique for verify that there is no man > in the middle snooping your call (I'm not a crypto expert, so the > details are a bit fuzzy). Essentially, the way it works is that once a > call is set up, you speak your public key to the other person, and > verify that that is what they received on their end. Now the really > clever part is that for each subsequent call to the same party, your > previous key and previous remote party's key are used to generate a > key for this call, creating a trust relationship in the same manner > that Verisign signs an SSL certificate for Thawte, and then Thawte can > sign your certificate, and so on. >
