[Clips] Phil Zimmermann defends his VoIP crypto

R.A. Hettinga rah at shipwright.com
Fri Aug 5 12:07:45 EDT 2005


--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Fri, 5 Aug 2005 12:07:11 -0400
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] Phil Zimmermann defends his VoIP crypto
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://blogs.zdnet.com/Ou/?p=87>

  | George Ou | ZDNet.com

 8/5/2005
  Phil Zimmermann defends his VoIP crypto

 -Posted by George Ou @ 2:06 am

 In response to my last blog "Does Phil Zimmermann need a clue on VoIP?",
 Phil Zimmermann writes this letter defending his recent VoIP demonstration.

 The reason why they (Skype) can make a PKI work so seamlessly is because
 they have a proprietary closed system, where they control everything - the
 servers, the clients, the service provider (namely, Skype), the protocol,
 everything.  If I had that luxury, I could make a PKI work too.  Where PKI
 runs into trouble is when you try to make it work in a heterogeneous
 environment with different service providers with competing interests.  The
 trust model becomes unwieldy.  That's what killed PKI-based email
 encryption schemes like PEM and MOSS.  And it has effectively paralyzed
 S/MIME too, because no one uses S/MIME to encrypt their email, despite
 S/MIME's massive deployment advantage owing to its inclusion in Microsoft
 products.  S/MIME requires a PKI to be up and running before you can use
 it, which means the "activation energy" is too high.  That's why
 essentially all the encrypted email in the world today is encrypted with
 PGP, or other OpenPGP products, which require little activation energy.

 My secure VoIP protocol also requires almost no activation energy, so I
 expect it to do well.  The other VoIP client features that make Skype so
 adaptable to NAT/firewall environments can be implemented in any VoIP
 client, even one that uses my crypto protocol.  The VoIP client I used in
 my prototype was not even mine, it was an open source VoIP client I found
 on the Internet.  I just added my crypto protocol to it for prototyping.
 For a real product, I plan to license a mature full-featured commercial
 VoIP client and add my crypto to that.  I'll make sure it has all the
 NAT/firewall traversal features it needs before I license it.

 I'm surprised you built your case on Skype's non-PKI features, and then
 used that to suggest I haven't a clue.  I don't claim my core competency is
 building the best VoIP client, which is why I'll use someone else's VoIP
 client as a starting point. But I've been thinking about trust models, key
 management, and PKI since before there were any PKIs.  I've picked up at
 least one or two clues along the way.  Maybe more than the makers of
 PKI-based email encryption standards that have been so easily swept aside
 by PGP.

 Regards,
 Phil

 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com