Requires Free Membership to View
called PGPfone in 1996, about three years before broadband really took off. Alas, this was early in the cycle, and PGPfone was too far ahead of its time to gain any traction.
But look out, world! Phil is back with Zfone, a new take on secure VoIP that's now available for free in beta test software that works on Windows XP, Mac OS X, and various flavors of Linux. For those who like to go poking around the innards of security-flavored programs, the source code is also available to interested parties for peer review, in keeping with the best tradition in security matters, where algorithms and implementations are deliberately exposed to the public to help uncover (and fix) potential weaknesses, oversights and vulnerabilities.
The Zfone software rests on a new protocol that Zimmermann has developed, called ZRTP. Although this acronym isn't expanded anywhere in Zimmermann's documentation or Web pages, it's pretty safe to hazard the guess that it stands for "Zfone Real Time Protocol" or perhaps even "Zfone secure Real Time Protocol," inasmuch as ZRTP is used to negotiate cryptographic keys for encrypting a VoIP call, after which it turns to the secure implementation of the Real Time Protocol -- known as Secure Real Time Protocol (SRTP) -- to handle low-level packet encryption of the data streaming between call peers.
Zfone works with any standard SIP (Session Initiation Protocol -- a standard TCP-based application protocol widely used for VoIP call setup, management and teardown) phone. Of course, Zfone can provide encryption services for only those calls where both caller and callee run this software (or at least where both ends support the Zfone protocol -- Zimmermann is making this software available to developers for licensing and potential inclusion in other VoIP implementations).
 |
||||
|
|
|||
|
||||
Who is likely to benefit from Zfone? Because it essentially works as a shim that integrates directly into the TCP/IP stack on a client PC, Zfone integrates nicely into existing VoIP client architectures. Although enterprises and large organizations may often be loath to adopt client-based solutions such as this, Zimmermann's long and compelling security track record is such that even these kinds of users should be willing to put Zfone to the test. With other VoIP security implementations scarce, and often difficult and costly to implement, everybody from individuals and small businesses to the largest corporations and organizations can benefit from this outstanding offering.
Check out Zfone at its home page. Your author found that it worked immediately and easily with VoIP implementations from Skype, SpeakFreely and Altigen, without requiring too much additional muss and fuss to install and use. Though there isn't enough accumulated public experience to guarantee that it will work with all VoIP packages, this is a pretty good indicator that it's worth trying out.
About the author:
Ed Tittel is a regular contributor to numerous TechTarget Web sites. He is the author of more than 140 books on a wide range of computing subjects, from markup languages to information security. He is also Technology Editor for Certification Magazine, and he manages content for NetPerformance.com. Email Ed at etittel@techtarget.com.
This was first published in August 2006