[guardian-dev] Blog post: VoIP Security Architecture

elijah elijah at riseup.net
Fri Nov 22 14:49:44 EST 2013

On 11/21/2013 04:11 PM, Lee Azzarello wrote:

> Second, there is ZRTP. This protocol enters into the mix after a
> successful SIP dialog establishes a call session by locating the two
> endpoints. It transmits key agreement information over an RTP channel
> between the peers. The peers use their voices to speak a secret they
> read over a plaintext channel.

Perhaps you know something I don't, but it seems unlikely to me that the
short authentication string exchange happens over a cleartext channel,
as it would defeat the purpose. ZRTP has a really cool property where
you never need to authenticate with the SAS, but if you do it once, you
can be assured that all your prior conversations were secure.


