We’ve been waiting for Phil Zimmermann (the inventor of PGP) to come out with his VoIP encryption software known (at least for the time being as Zfone) for over a year now. 

The good news is that he’s released a free beta version.  The bad news is that there’s no Windows version yet – we’ll have to wait another month for that:

I’ve just released Zfone, a new product that takes a new approach to make a secure telephone for the Internet.

I think it’s better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another Zfone client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors.