Open Source ZRTP Library
Open ZRTP is an LGPL project that is created, funded and maintained by iCall. Open ZRTP is implemented in iCall version 7 and greater.
As VoIP usage becomes more prevalent, reliable and trustworthy security has become a necessary requirement to encourage further adoption in the enterprise, as well as among security-conscious consumers.
SRTP (Secure Real-time Transport Protocol) is a protocol that allows two SIP endpoints to encrypt their communication. SRTP is the traditional encryption protocol used to secure VoIP; however, SRTP has one core problem: key negotiation. SRTP key negotiation and pre-shared secrets are complex and cumbersome to set up. SRTP is also susceptible to man-in-the-middle attacks, so SRTP is great in concept, but is difficult and unreliable in implementation on its own.
ZRTP is a mechanism for negotiating the shared secrets and key exchanges between two endpoints using SRTP. ZRTP uses what is called "opportunistic encryption," which means that the RTP streams (audio/video) don't worry about security; they leave that up to ZRTP. When an RTP connection is established between two or more endpoints, ZRTP auto-senses whether the other endpoint supports ZRTP, and then secures the channel transparently to the program handling the RTP stream itself.
When ZRTP secures a channel, it sets a flag and allows the program to provide visual and/or audio cues to the user, indicating that the conversation is secure. ZRTP is not subject to man-in-the-middle attacks, making it superior to traditional SRTP negotiations.
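The auto-sensing described above works because ZRTP packets share the media port with RTP but are distinguishable by their header. The following is an added example, not Open ZRTP's own code: it classifies UDP payloads using the packet layout from RFC 6189, and the function names and sample packets are constructed for illustration.

```python
import struct

ZRTP_MAGIC = 0x5A525450   # "ZRTP" magic cookie in bytes 4..7 of the packet header
ZRTP_PREAMBLE = 0x505A    # first 16 bits of every ZRTP message

def classify(packet: bytes) -> str:
    """Classify one UDP payload as 'rtp', 'zrtp:<type>' or 'unknown'."""
    if len(packet) < 12:
        return "unknown"
    first, cookie = struct.unpack("!B3xI", packet[:8])
    if first >> 6 == 2:                       # RTP version field is 2
        return "rtp"
    if first >> 6 != 0 or cookie != ZRTP_MAGIC:
        return "unknown"
    if len(packet) < 28:  # header 12 + preamble/length 4 + type 8 + CRC 4
        return "unknown"
    preamble, words = struct.unpack("!HH", packet[12:16])
    # Length is in 32-bit words and covers the message only (no header, no CRC).
    if preamble != ZRTP_PREAMBLE or 12 + words * 4 + 4 != len(packet):
        return "unknown"
    return "zrtp:" + packet[16:24].decode("ascii", "replace").rstrip()

def peer_supports_zrtp(packets) -> bool:
    """True once any ZRTP Hello has been seen from the peer."""
    return any(classify(p) == "zrtp:Hello" for p in packets)

def build_zrtp(msg_type: str, body: bytes = b"", seq: int = 1) -> bytes:
    """Build a constructed sample packet; the CRC is zeroed, not computed."""
    msg = msg_type.ljust(8).encode("ascii") + body
    words = (4 + len(msg)) // 4
    header = struct.pack("!BBHII", 0x10, 0, seq, ZRTP_MAGIC, 0x1234ABCD)
    return header + struct.pack("!HH", ZRTP_PREAMBLE, words) + msg + b"\x00" * 4

# Constructed samples: one RTP audio packet and two ZRTP packets with zeroed bodies.
SAMPLE_RTP = struct.pack("!BBHII", 0x80, 0, 7, 160, 0x1234ABCD) + b"\xff" * 160
SAMPLE_HELLO = build_zrtp("Hello", body=b"\x00" * 76)
SAMPLE_HELLOACK = build_zrtp("HelloACK")

if __name__ == "__main__":
    for pkt in (SAMPLE_RTP, SAMPLE_HELLO, SAMPLE_HELLOACK):
        print(classify(pkt))
```

The classifier checks framing only; a real endpoint also verifies the trailing CRC and the message contents before acting on a packet.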
There are several other ZRTP implementations available to developers: GNU ZRTP, ZORG ZRTP and Zfone ZRTP. GNU ZRTP is from the GNU foundation, and is available under a GPL license. ZORG ZRTP is available under a GPL license, while Zfone ZRTP (created by Phil Zimmermann, the founding creator of ZRTP) is available under a hybrid commercial/GPL license.
iCall believes strongly that while GPL software has its place, for something that is basically an underlying requirement to improve adoption of software, an LGPL- or BSD-style license is essential.
Why LGPL? Because corporations such as Microsoft, Cisco, Avaya, Google and many others will not use GPL code within a proprietary product. Much like OpenSSL, which is now the de facto standard for encrypting Internet traffic, widespread adoption of a VoIP protocol, such as ZRTP, requires that it be free, easy to implement and available for use in virtually any type of software.
Visit our Open ZRTP Google Code project page to download the source code and/or participate in improving the Open ZRTP implementation.