Cedric sent me an interesting link this morning. Apparently Phil
Zimmermann (of PGP fame)
has been playing with VOIP and has
released a secure SIP-based
client called zFone.
Zfone uses a new protocol called ZRTP, which is better than the other
approaches to secure VoIP, because it achieves security without reliance on a PKI,
key certification, trust models, certificate authorities, or key management complexity
that bedevils the email encryption world. It also does not rely on SIP signaling for
the key management, and in fact does not rely on any servers at all. It performs its
key agreements and key management in a purely peer-to-peer manner over the RTP packet
stream. It interoperates with any standard SIP phone, but naturally only encrypts
the call if you are calling another ZRTP client.