Yes. The ZRTP protocol does have the optional capability to use a PKI if you already have a PKI up and running. But ZRTP does not actually require a PKI.
First, let’s review some good reasons why it’s a mistake to make a secure VoIP protocol require a PKI. There are major problems and complexities with building, maintaining, and relying on PKI. That’s why, in the 1990s, a number of companies died trying to build and market PKI technology. See Ellison and Schneier’s paper “Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure” and Ellison’s paper “Improvements on Conventional PKI Wisdom”. In the email encryption world, a PKI architecture was the kiss of death for PEM and MOSS, both of which were swept aside by PGP. This also led to S/MIME never reaching critical mass, despite its advantage of being bundled in Microsoft’s products. PGP became the dominant email encryption standard because it did not depend on a centrally managed PKI.
Plus, there have been a growing number of spectacular security failures of traditional PKIs, notably, the Comodo and DigiNotar debacles, and the stolen certificate-signing keys that enabled the Stuxnet worm attack.
Nonetheless, if you feel you must use a PKI and already have one, here’s how ZRTP can make use of it.
The ZRTP spec (RFC 6189) describes how ZRTP can use a PKI-backed digital signature key to sign the short authentication string (SAS) in the ZRTP CONFIRM packet, to reduce reliance on users verbally comparing it during the call. Organizations that feel comfortable with PKIs can still get what they want. Thus, ZRTP offers all of the advantages of a protocol that can use a PKI, without actually becoming dependent on a PKI for security.
There is another way for a ZRTP implementation to benefit from a PKI, without becoming dependent on one. The IETF plans to someday add integrity protection to the delivery of SIP information, and that integrity protection will rely on a PKI. If this ever happens, ZRTP has protocol features that can leverage an integrity-protected SIP layer to provide integrity protection for ZRTP’s Diffie-Hellman exchange in the media layer. This in turn confers protection against a man-in-the-middle (MiTM) attack, without requiring the users to verbally compare the SAS.
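As an added illustration (not code from this FAQ or from any ZRTP implementation), the sketch below shows the receiver-side check behind one such feature, assuming the RFC 6189 `a=zrtp-hash` SDP attribute, which carries a SHA-256 hash of the sender's ZRTP Hello message. The function names, the Hello bytes and the SDP body are constructed for the example.

```python
import hashlib
import hmac

def hello_hash_from_sdp(sdp: str):
    """Return (zrtp_version, digest) from the first a=zrtp-hash line, else None."""
    prefix = "a=zrtp-hash:"
    for line in sdp.splitlines():
        line = line.strip()
        if not line.startswith(prefix):
            continue
        fields = line[len(prefix):].split()
        if len(fields) != 2:
            return None
        try:
            digest = bytes.fromhex(fields[1])
        except ValueError:          # malformed hex is treated as "no hash"
            return None
        return (fields[0], digest) if len(digest) == 32 else None
    return None

def hello_matches_signaling(sdp: str, hello: bytes) -> bool:
    """True if the Hello seen on the media path hashes to the value in the SDP."""
    parsed = hello_hash_from_sdp(sdp)
    if parsed is None:
        return False
    # Constant-time comparison of the advertised and the computed hash.
    return hmac.compare_digest(parsed[1], hashlib.sha256(hello).digest())

def sas_comparison_needed(sdp: str, hello: bytes, signaling_protected: bool) -> bool:
    """Verbal SAS comparison can be skipped only if the SDP itself was
    integrity-protected end to end AND the received Hello matches it."""
    return not (signaling_protected and hello_matches_signaling(sdp, hello))

# Constructed sample data: placeholder bytes standing in for real Hello messages.
PEER_HELLO = b"constructed-zrtp-hello-from-peer"
MITM_HELLO = b"constructed-zrtp-hello-from-attacker"
SDP = (
    "v=0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "a=zrtp-hash:1.10 " + hashlib.sha256(PEER_HELLO).hexdigest() + "\r\n"
)

if __name__ == "__main__":
    print("peer Hello, protected SIP  ->", sas_comparison_needed(SDP, PEER_HELLO, True))
    print("MiTM Hello, protected SIP  ->", sas_comparison_needed(SDP, MITM_HELLO, True))
    print("peer Hello, plain SIP      ->", sas_comparison_needed(SDP, PEER_HELLO, False))
```

A match authenticates only the Hello message; RFC 6189 extends that assurance to the Diffie-Hellman messages through the hash chain and MACs carried in the later ZRTP messages, which this sketch does not implement.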