Phil Zimmerman, a visionary in the encryption game, has given us the software PGP. Here is the marketing spin from the PGP home page,
Created for individuals who want to secure private email, selected files, and AOL® Instant Messenger™ (AIM) traffic, PGP Desktop Home can be used by both casual and power users. Specifically designed for individuals who send email through an Internet Service Provider (ISP), PGP Desktop Home provides email security for casual users who want to configure their security settings once and then forget about them as well as power users who want to work with a sophisticated array of configuration options.
Now, with that available in both the commercial and home versions Zimmerman, no longer affiliated with PGP, has a new offering, Zfone. This first was mentioned at Black Hat 2005, and I got around to writing about it in March. Zfone is a an encrypted peer-to-peer VoIP communication tool. Here is the description from the main site,
Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another ZRTP client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors.
The Zfone software is already available for Mac and Linux and as of this writing it is now available for to download for you Windows users as well. The quick question that will be on everyones tongue, does it work with Skype? No. Skype is built on their own protocol version that is not open to the world. Ah well, still very cool. I will be testing Zfone myself on all three platforms in a couple weeks when I get back into the lab.
The article that sparked me to write about this was from the International Herald Tribune. This is the passage that got me thinking,
The Federal Communications Commission has begun adopting rules that would force Internet service providers and companies that use voice over Internet protocol to adopt the technology permitting law enforcement officials to monitor conventional telephone calls. But for now, at least, regulation exempts programs that operate directly between computers and not through a hub.
With the whole debacle that arose from Bush sanctioning the NSA to record phone calls, I’m now very interested to try out Zfone.
[tags]Phil Zimmerman, Zfone, VoIP, Bush, NSA, Privacy, Wiretap[/tags]
