Zfone Secures VoIP Traffic at the Gateway Level
Found on Digg of all places, a press release went out today from Borderware saying they had licensed the use of Phil Zimmerman's Zfone product for use in their SIPassure VoIP Security Gateway. The theory is that calls that originate from an enterprise and terminate over some "untrusted network" like the Internet. The Zfone product, being relatively transparent, grabs SIP RTP (voice) packets and transparently encrypts them. The SIP client doesn't have to know its getting encrypted, its acts totally transparent. Borderware is implementing this functionality in what amounts to a proxy server for SIP.
Without delving too deeply into the architecture, this will only work for calls that leave the confines of the corporate network. Guess what? Many of the corporate VoIP implementations are intranet only, i.e. all the VoIP stays within the confines of the corporate LAN/WAN. It rarely, if ever, touches the Internet. I could see a corporation using something like this with a ZRTP client on a laptop to enable secure remote access to the IP phone system from a softclient on a PC. Or maybe it would work as a sort of a VPN for IP calls between sites, but why wouldn't you use a traditional VPN for that?
Maybe it's because I'm tired and sleep deprived, but I'm having a hard time seeing why this is a compelling product. Mainly because of how corporations deploy VoIP and remote access. It just doesn't seem like a good fit. I would love to be proven wrong.