ZRTP

ZRTP is a cryptographic key-agreement protocol designed specifically for VoIP. Created by Phil Zimmermann (of PGP fame), ZRTP negotiates encryption keys directly between the two call endpoints using a Diffie-Hellman exchange, then uses those keys to encrypt the SRTP media stream.

Unlike SDES (which passes keys in SIP signaling and relies on TLS for protection), ZRTP negotiates keys in-band on the media path. This provides true end-to-end encryption even if the signaling servers are compromised. Users verify security by reading a short authentication string (SAS) to each other.