Pretty Good Privacy (PGP, http://www.pgp.com) is an end-to-end mechanism that seemed like a good idea at the time the architects were writing some of the early drafts of the SIP standard, but it was not popular with VoIP developers and has since been deprecated. Part of the reason for the demise of PGP was its requirement that full public key encryption be used for every transaction. This is problematic from the server side because, while processing hundreds of calls per second, it’s difficult to encrypt and decrypt messages fast enough to avoid a traffic bottleneck. If PGP allowed for a session key that was valid for the entire call, this problem might have been avoidable.

In terms of encryption for this type of system, Internet Protocol security (IPsec, http://www.ietf.org/html.charters/ipsec-charter.html) is a hop-by-hop mechanism that offers a better solution than PGP. IPsec operates under the SIP layer and permits data transportation over TCP or UDP by setting up a security association between two SIP devices. Once this security association and a set of keys have been set up, IPsec encrypts all traffic associated with the same call to match ...