[Clips] Phil Zimmermann defends his VoIP crypto
R.A. Hettinga
rah at shipwright.com
Fri Aug 5 12:07:45 EDT 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Fri, 5 Aug 2005 12:07:11 -0400
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] Phil Zimmermann defends his VoIP crypto
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://blogs.zdnet.com/Ou/?p=87>
| George Ou | ZDNet.com
8/5/2005
Phil Zimmermann defends his VoIP crypto
-Posted by George Ou @ 2:06 am
Security
Infrastructure
In response to my last blog "Does Phil Zimmermann need a clue on VoIP?",
Phil Zimmermann writes this letter defending his recent VoIP demonstration.
The reason why they (Skype) can make a PKI work so seamlessly is because
they have a proprietary closed system, where they control everything- the
servers, the clients, the service provider (namely, Skype), the protocol,
everything. If I had that luxury, I could make a PKI work too. Where PKI
runs into trouble is when you try to make it work in a heterogeneous
environment with different service providers with competing interests. The
trust model becomes unwieldy. That's what killed PKI based email
encryption schemes like PEM and MOSS. And it has effectively paralyzed
S/MIME too, because no one uses S/MIME to encrypt their email, despite
S/MIME's massive deployment advantage owing to its inclusion in Microsoft
products. S/MIME requires a PKI to be up and running before you can use
it, which means the "activation energy" is too high. That's why
essentially all the encrypted email in the world today is encrypted with
PGP, or other OpenPGP products, which require little activation energy.
My secure VoIP protocol also requires almost no activation energy, so I
expect it to do well. The other VoIP client features that make Skype so
adaptable to NAT/firewall environments can be implemented in any VoIP
client, even one that uses my crypto protocol. The VoIP client I used in
my prototype was not even mine, it was an open source VoIP client I found
on the Internet. I just added my crypto protocol to it for prototyping.
For a real product, I plan to license a mature full-featured commercial
VoIP client and add my crypto to that. I'll make sure it has all the
NAT/firewall traversal features it needs before I license it.
I'm surprised you built your case on Skype's non-PKI features, and then
used that to suggest I haven't a clue. I don't claim my core competency is
building the best VoIP client, which is why I'll use someone else's VoIP
client as a starting point. But I've been thinking about trust models, key
management, and PKI since before there were any PKIs. I've picked up at
least one or two clues along the way. Maybe more than the makers of
PKI-based email encryption standards that have been so easily swept aside
by PGP.
Regards,
Phil
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list