RedPhone uses a really interesting system. The first time you initiate a call with someone, RedPhone displays a word that is based on the keys exchanged.
Each user talks about the word and confirms they got the same word, thereby verifying that there is no man in the middle.
The assumption is that it is hard for an attacker to forge and inject a believable conversation into an ongoing real time conversation.
This is called SAS or Short Authenticated Strings and I believe it was introduced in the paper 'Secure Communications over Insecure Channels Based on Short Authenticated Strings' (the PDF can be found off of Google). You can read about it here: http://en.wikipedia.org/wiki/ZRTP#Authentication
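
The comparison described in the comment above, as an added example (not RedPhone's or ZRTP's actual code): each phone hashes the key exchange as it saw it and shows a few words, so a relay that substitutes its own key leaves the two callers reading different words. The toy Diffie-Hellman group, the 16-word list, the private values, and all function names are assumptions made for the illustration.

```python
import hashlib

# Toy Diffie-Hellman group for illustration only (assumption; far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

# Constructed 16-word list; each word encodes 4 bits of the digest.
WORDS = ["apple", "brick", "cloud", "delta", "eagle", "flame", "grape", "hotel",
         "igloo", "joker", "kayak", "lemon", "mango", "noble", "ocean", "piano"]

def public_key(private):
    return pow(G, private, P)

def sas(my_private, my_public, peer_public):
    """Short authentication string over the key exchange as this side saw it."""
    shared = pow(peer_public, my_private, P)
    # Sort the public keys so both ends hash the same transcript.
    lo, hi = sorted((my_public, peer_public))
    transcript = b"|".join(str(v).encode() for v in (lo, hi, shared))
    digest = hashlib.sha256(transcript).digest()
    # First 16 bits of the digest become four words to read aloud.
    nibbles = [digest[0] >> 4, digest[0] & 0xF, digest[1] >> 4, digest[1] & 0xF]
    return " ".join(WORDS[n] for n in nibbles)

def call(alice_priv, bob_priv, relay_priv=None):
    """Return (words shown on Alice's phone, words shown on Bob's phone)."""
    a_pub, b_pub = public_key(alice_priv), public_key(bob_priv)
    if relay_priv is None:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    else:
        # A relay that swaps in its own key creates two separate exchanges.
        seen_by_alice = seen_by_bob = public_key(relay_priv)
    return sas(alice_priv, a_pub, seen_by_alice), sas(bob_priv, b_pub, seen_by_bob)

if __name__ == "__main__":
    # Constructed private values for the demo.
    a, b, m = 0x1234567890ABCDEF, 0x0FEDCBA987654321, 0x1122334455667788
    print("direct call :", call(a, b))
    print("relayed call:", call(a, b, m))
```

Only 16 bits of the digest are shown, which is why the scheme relies on the callers actually reading the words to each other in their own voices.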