Why do we need ZRTP if we already have SRTP? Isn’t SRTP good enough?

This is the wrong question to ask. Despite the similarity in the two names, it is not a choice between SRTP and ZRTP. SRTP is the protocol we use to encrypt the low level voice packets. But you cannot use SRTP until both parties have agreed on what key to use for the SRTP encryption. The SRTP protocol (RFC 3711) says nothing about how session keys are negotiated. That’s where ZRTP (RFC 6189) comes in. ZRTP is the protocol that the two parties use to negotiate the SRTP session key. Silent Phone uses SRTP, but it uses ZRTP first to negotiate the SRTP session key. There are several different protocols that may be used to negotiate SRTP session keys, including ZRTP, SDES, or DTLS. Of course, we think ZRTP is the best one.
But wait. When you say you are already using SRTP, what do you mean, exactly? Too many people in the VoIP industry have unfortunately started misusing the term SRTP as shorthand for “SRTP with keys negotiated via SDES”. This wrongly presumes SDES is the only way to negotiate SRTP session keys. Which brings us to the next question.

  • 54
  • 12-Jun-2017