One way to look at it is this - it sets an example, and can be used to spur the open source community into providing an encrypted VoIP that works.
Note that crypto hooks *are* embedded in the open standard SIP protocol - they just aren't used (XTen provide crypto for their client, but it is propriatory and doesn't use the crypto negotiation hooks in the protocol)
Given the existence of the open source crypto libraries and the open source protocol, there is no reason not to combine the too - but oddly, there is no decent, open source SIP phone for windows (yes, I know - but its still the dominant platform out there) and until there is, I can't see how an open source but secure webphone could get off the ground.
I absolutely agree that this should spur the development of open source product along. One thing I suspect is that it will be somewhat difficult in a standards environment to do this. So SIP starts from a disadvantage, I'd suspect. Crypto protocols don't sit nicely being developed by committee. There are no successful examples of this.
Instead, good crypto protocols are wacked together by 1 or 2 guys in a quick afternoon's hacking, based on some clear and desparate need. Well, ok, so a bit longer than that. But the thing is, the more the product draws from different areas, the more you need a tight cohesive team that is not forever fighting the rabble of the committee.
I and Zooko recently knocked up a datagram protocol, something that there isn't much of out there. But it's not really oriented to VOIP. There is a new one by Eric Rescorla and a mate of his .. based on SSL, but again, I think SSL is a difficult choice to start from. There is a lot of merit in really throwing everything out and starting from scratch.
Posted by Iang at February 13, 2005 09:20 PM