You understood it right. However, I am not as convinced that
all methods do support this requirement. E.g., how would ZRTP
support a PSTN GW? How would a user be able to read the SAS
as a PSTN user?

Right, the SAS can't be displayed and the user can't read it to
the other user. Of course, once the PSTN is involved there no
longer is end-to-end encryption, so even if you could read the
SAS it (and SRTP) only protects the VoIP portion of the call
leg.

But, to provide some security in such a situation, zrtp-03
introduced the ability to sign the exchange using a
certificate. This certificate could be exchanged in, or
referenced in, SIP signaling (although how this is done isn't
specified in zrtp-03). By doing this, a PSTN gateway could
perform SAS validation on behalf of the user who cannot
perform SAS validation.

A similar technique could be used when modems or fax machines
are involved; they also cannot recite the SAS.