Phil Zimmermann defends his VoIP crypto

In response to my last blog "Does Phil Zimmermann need a clue on VoIP?", Phil Zimmermann writes this letter defending his recent VoIP demonstration.

[Editor's note:  This paragraph was re-inserted 11 hours after initial post and should not have been cut out, my apologies to Phil Zimmermann.  Detailed explaination here]  Skype's NAT/firewall traversal prowess has nothing to do with its use of a PKI. In fact, it has nothing to do with any aspect of cryptography or key management in any form. To attribute their NAT/ firewall traversal features with the use of a PKI is like attributing their codec voice quality or echo cancellation with a PKI. They did a great job with those features, but a PKI had nothing to do with it.

The reason why they (Skype) can make a PKI work so seamlessly is because they have a proprietary closed system, where they control everything-- the servers, the clients, the service provider (namely, Skype), the protocol, everything.  If I had that luxury, I could make a PKI work too.  Where PKI runs into trouble is when you try to make it work in a heterogeneous environment with different service providers with competing interests.  The trust model becomes unwieldy.  That's what killed PKI based email encryption schemes like PEM and MOSS.  And it has effectively paralyzed S/MIME too, because no one uses S/MIME to encrypt their email, despite S/MIME's massive deployment advantage owing to its inclusion in Microsoft products.  S/MIME requires a PKI to be up and running before you can use it, which means the "activation energy" is too high.  That's why essentially all the encrypted email in the world today is encrypted with PGP, or other OpenPGP products, which require little activation energy.

My secure VoIP protocol also requires almost no activation energy, so I expect it to do well.  The other VoIP client features that make Skype so adaptable to NAT/firewall environments can be implemented in any VoIP client, even one that uses my crypto protocol.  The VoIP client I used in my prototype was not even mine, it was an open source VoIP client I found on the Internet.  I just added my crypto protocol to it for prototyping.  For a real product, I plan to license a mature full-featured commercial VoIP client and add my crypto to that.  I'll make sure it has all the NAT/firewall traversal features it needs before I license it.

I'm surprised you built your case on Skype's non-PKI features, and then used that to suggest I haven't a clue.  I don't claim my core competency is building the best VoIP client, which is why I'll use someone else's VoIP client as a starting point. But I've been thinking about trust models, key management, and PKI since before there were any PKIs.  I've picked up at least one or two clues along the way.  Maybe more than the makers of PKI-based email encryption standards that have been so easily swept aside by PGP.

Regards,
Phil