ZRTP: Media Path Key Agreement for Unicast Secure RTP
RFC 6189

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Document Action: 'ZRTP: Media Path Key Agreement for Unicast Secure RTP' to Informational RFC

The IESG has approved the following document:

- 'ZRTP: Media Path Key Agreement for Unicast Secure RTP '
   <draft-zimmermann-avt-zrtp-22.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Robert Sparks.

A URL of this Internet-Draft is:

Technical Summary

    This document defines ZRTP, a protocol for media path Diffie-Hellman
    exchange to agree on a session key and parameters for establishing
    Secure Real-time Transport Protocol (SRTP) sessions for VoIP
    applications.  The ZRTP protocol is media path keying because it is
    multiplexed on the same port as RTP and does not require support in
    the signaling protocol.  ZRTP does not assume a Public Key
    Infrastructure (PKI) or require the complexity of certificates in end
    devices.  For the media session, ZRTP provides confidentiality,
    protection against man-in-the-middle (MiTM) attacks, and, in cases
    where the signaling protocol provides end-to-end integrity
    protection, authentication.  ZRTP can utilize a Session Description
    Protocol (SDP) attribute to provide discovery and authentication
    through the signaling channel.  To provide best effort SRTP, ZRTP
    utilizes normal RTP/AVP profiles.  ZRTP secures media sessions which
    include a voice media stream, and can also secure media sessions
    which do not include voice by using an optional digital signature.

IETF Discussion Summary

    This protocol was proposed as a solution for keying SRTP and received

    significant review and discussion while it was being considered. The
    IETF chose a different proposal (draft-ietf-avt-dtls-srtp) to publish
    as Proposed Standard.

Document Quality   

    There are multiple implementations of this protocol.
    A reference implementation of ZRTP is available as Zfone.