/. [PGP Creator's Zfone Encrypts VoIP]
Link: http://slashdot.org/article.pl?sid=06/03/14/1842248
Posted by: CmdrTaco, on 2006-03-15 01:12:00

Philip Zimmermann, creator of PGP wrote in to tell me about [1]Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI. Zfone has no centralization, and has been submitted to the IETF. He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.

References

1. http://www.philzimmermann.com/EN/zfone/index.html

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
This is interesting. Sorry...I'm a working stiff so I haven't kept up with the protocols. Does SIP in any way force a centralized "switch" paradigm on the VoIP implementation? My thinking is that it does not, it's more of an interface. Which means that Zfone could be Peer-to-Peer, and I would bet Zimmermann would have shot for that. Anyone know?

-TD
From: Eugen Leitl <eugen@leitl.org>
To: cypherpunks@jfet.org
Subject: /. [PGP Creator's Zfone Encrypts VoIP]
Date: Wed, 15 Mar 2006 09:25:32 +0100
Link: http://slashdot.org/article.pl?sid=06/03/14/1842248 Posted by: CmdrTaco, on 2006-03-15 01:12:00
Philip Zimmermann, creator of PGP wrote in to tell me about [1]Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI. Zfone has no centralization, and has been submitted to the IETF. He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.
References
1. http://www.philzimmermann.com/EN/zfone/index.html
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
At 08:13 AM 3/15/2006, Tyler Durden wrote:
This is interesting. Sorry...I'm a working stiff so I haven't kept up with the protocols. Does SIP in any way force a centralized "switch" paradigm on the VoIP implementation? My thinking is that it does not, it's more of an interface. Which means that Zfone could be Peer-to-Peer, and I would bet Zimmermann would have shot for that. Anyone know?
SIP is no longer quite "simple", but it's certainly simpler and more powerful than H.323. It looks a lot like an IM system. The basic model is client/server, with servers that can proxy requests to other servers, where the job of a server is to provide presence service so that clients can find each other, and actual media channels are client-to-client. (This does mean that you sometimes need to tunnel through NAT and firewalls.) Because servers can proxy requests to other servers, it's no longer a simple hierarchy model. And most SIP clients support direct client-to-client connections - as long as you figure out the destination user's address yourself if you don't have a server, and don't mind not having a server to tell you who's calling, reject junk callers, etc.

A popular approach is to have an IP PBX that uses SIP functions to listen to IP phones or IP video, talk to other IP PBXs, and talk to telco SIP servers to reach old telco phones (alternatively to support traditional telco lines using hardware on the PBX), and also to talk to other servers like conference bridges, voicemail, or voicemail-to-email gateways.

The two main pre-SIP standards out there are H.323, which is a simpler client-server model that reuses large amounts of ugly ISDN protocols, and Cisco's SCCP (aka "Skinny") which is a simpler pre-H.323 protocol.

There are a number of different SIP server types out there

- Asterisk IP PBX is a free open-source application that runs on Linux. Most of the development is funded by Digium, a company that sells hardware like telco interface boards for PCs, including T1, single-line telco interfaces, and single-line phone interfaces, etc.
- VOIP servers built into routers. Cisco mostly uses Skinny, but they'll do SIP "real soon".
- Old PBX vendor PBXs with IP boards - mostly H.323, with SIP support emerging.
- Centralized SIP servers that support sites with IP phones and no servers - This includes routers from Cisco, etc., as well as specialized servers from vendors like Sylantro and Acme Packets. In the pre-SIP world, you generally don't mix site-based servers like Asterisk and centralized servers, because you don't need both, except for things like Cisco SRST failure-mode support in routers, but since SIP supports proxies, you may have a local server that does your basic presence service and centralized servers for voicemail.
- Some people are playing with Distributed Hash Tables instead of real servers.

As far as encryption goes, SIP does most of its signalling with an HTTP-like protocol that you can run over TLS, and does media support with RTP (which can be the secure or non-secure versions.) Unfortunately, far too many SIP servers don't handle the crypto negotiations; not only do they not burn the horsepower to do signalling over TLS, they also don't help the clients exchange keys.
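The layering described in the message above (signalling that may or may not run over TLS, media that may be RTP or SRTP, keys that may travel in the signalling) can be checked from a single INVITE. The following is an added example, not part of the original thread; the sample message, host names and the `audit_invite` helper are constructed for illustration, and the `a=crypto` SDP key attribute it looks for is an assumption that goes beyond what the thread mentions.

```python
# Added example. SAMPLE_INVITE is constructed for illustration, not captured traffic.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP client.example.org:5060;branch=z9hG4bK-constructed",
    "From: <sip:alice@example.org>;tag=1",
    "To: <sip:bob@example.net>",
    "Call-ID: constructed-1@client.example.org",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])


def audit_invite(raw):
    """Return (signalling transport, media streams, findings) for one INVITE."""
    head, _, sdp = raw.partition("\r\n\r\n")
    # The topmost Via header names the transport of the hop just crossed.
    via = next(h for h in head.split("\r\n")[1:] if h.lower().startswith("via:"))
    transport = via.split(":", 1)[1].split()[0].split("/")[2].upper()
    streams = []
    for line in sdp.split("\r\n"):
        if line.startswith("m="):
            kind, _port, profile = line[2:].split()[:3]
            streams.append({"kind": kind, "profile": profile, "sdes_key": False})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["sdes_key"] = True  # SRTP key carried inside the SDP
    findings = []
    if transport != "TLS":
        findings.append("signalling hop is %s, not TLS: readable on the path" % transport)
    for s in streams:
        if "SAVP" not in s["profile"].upper():
            findings.append("%s offered as %s: plain RTP" % (s["kind"], s["profile"]))
        elif not s["sdes_key"]:
            findings.append("%s is SRTP but no key is offered in SDP" % s["kind"])
        elif transport != "TLS":
            findings.append("%s SRTP key is sent in the clear over %s" % (s["kind"], transport))
    return transport, streams, findings


if __name__ == "__main__":
    for finding in audit_invite(SAMPLE_INVITE)[2]:
        print("WARN:", finding)
```

A stream keyed in the media path, which is how Zfone's ZRTP works, can still advertise `RTP/AVP`, so this check reflects only what the signalling declares.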
On 3/15/06, Bill Stewart <bill.stewart@pobox.com> wrote:
... The basic model is client/server, with servers that can proxy requests to other servers, where the job of a server is to provide presence service so that clients can find each other, and actual media channels are client-to-client. (This does mean that you sometimes need to tunnel through NAT and firewalls.) Because servers can proxy requests to other servers, it's no longer a simple hierarchy model.
there is also TRIP: http://www.voip-info.org/wiki-TRIP an inter-domain routing protocol for VoIP (like BGP for voice). for various political reasons this has never seemed to go anywhere. i posted a patch for gcc 3.x a while back if anyone wants to build the vovida trip daemon on a modern system.
participants (4)
- Bill Stewart
- coderman
- Eugen Leitl
- Tyler Durden