Privacy Guru Locks Down VOIP



But David Endler, chairman of the VOIP Security Alliance industry group and director of security research at TippingPoint, said a protocol for encrypting and protecting VOIP data already exists and companies are starting to make VOIP phones that support the protocol. But he said that people typically don't enable the encryption option.

"Probably because we're not seeing attacks yet," he said. He said most users are less concerned with eavesdropping than with having VOIP service that provides the same quality and reliability that they expect from regular phone service.

"Some people can see clearly that there's a need for this, and others wonder if anyone cares about protecting phone calls," Zimmermann said.

"But those are the same people who wondered why anyone would want to protect e-mail. I think as people gain experience with VOIP they're going to have a great appreciation for the need to come up with extra measures to protect it."

Endler also said that companies using VOIP are reluctant to implement encryption because of the overhead involved in managing the public key infrastructure, or PKI. "You have to be able to store a key on most of these end points," he said. PKI requires two keys for encryption: a public key that a user gives to anyone who wishes to communicate with him or her, and a private key, which decrypts messages that the user receives. That won't be a problem with Zimmermann's system, which doesn't use PKI. Zimmermann said PKI is unnecessarily complex for VOIP.