As an user of SpeakFreely (7.2 on Windows, stillcan't get my USB headset to work properly with SF 7.3 on Linux) I've got the following three items on my wish list. (Hey, I wasn't naughty this year. Honest).
1) built-in PKI support, with fallback to clear. Right now it uses some obscure PGP version, and probably doesn't even ask key servers. In practise it's much easer to agree on an IDEA of Blowish key -- but it's not an out of band communication, and if you don't switch to the same key synchronously one party is going to have her eardrums blasted with LOUD digital noise. I think it would be simplest to use SSL, with PGP (7.2 doesn't support GPG apparently) support left in for those parties who need it. I must stress that currently using crypto means: 1) people asking you to do some complicated operations on your end, while you're unsure why (you just wanted to talk, why does this other party asks me this for? what are his motives?) 2) using some rather technical lingo (have you ever tried explaining what cryptography is to a houswife from the Emirates? And why she possibly can get in trouble using it? (She doesn't, I looked up the crypto regulations for her country)). 3) if you comply, you get blasted with LOUD SCARY NOISE As you can see, here's some heavy negative conditioning at work here, making the average user associate crypto with pushy geeks asking you to do technical stuff at your end and then get blasted by scary loud noise for your pains. Ugh, not again, thanks. 2) Voice Activation with default threshold set to zero as default. Push-to-talk is annoying as hell, and should be the optional mode, not the other way round. 3) A realtime display of current lag time (bar and/or numeric) would be very nice. Lag is unpredictable, and varies over time. Ping/pong protocol at meat level is very annoying, especially if one have to instruct some clueless party on the other end first, through a link that doesn't work like your average phone. 4) Did I say three? Four, FOUR things. Even with current small user community one will frequently get talked by new users debugging their setup (see points 2-3 to make it easier), or some teenagers who're out to annoy. It would be nice to have a realtime public "phonebook" with geographical separations, and ability to block connections from some parties. This point is currently very unimportant, though. On Sat, 21 Dec 2002, Thomas Shaddack wrote: > http://www.speakfreely.org/ is a nice, open-source cross-platfor VoIP > software. Supports encryption by DES, Blowfish, and IDEA. > > Had anyone knowledgeable ever looked at its code? How secure this > implementation is? Is better to use Blowfish or IDEA? Where are the > potential holes there?