Simson Garfinkel analyses Skype - Open Society Institute

[John Kelsey]

>From: Adam Shostack <adam at homeport.org>
>Sent: Jan 29, 2005 12:45 PM
>To: Mark Allen Earnest <mxe20 at psu.edu>
>Cc: cryptography at metzdowd.com
>Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute

>But, given what people talk about on their cell phones and cordless
>phones, and what they send via unencrypted email, they are acting like
>they think their communications are secure in the absence of any
>encryption.  So I don't think adding some 'cryptographic mumbo jumbo'
>is going to change their sense of security in the wrong direction.

One thing most people seem to miss about this, though, is that cellphones and cordless phones are *great* for privacy from other humans who live in your house or work in your office.  When you don't want your children to hear a conversation, you can go take the call in the bathroom or in the car while you're driving alone.  Everybody seems to miss this--cellphones and cordless phones don't diminish privacy, they just move it around.  Sophisticated eavesdroppers can violate more of your privacy, but nosy family members, roommates, and office mates can violate a lot less.  I thnk most people correctly evaluate which of these groups is more likely to do something unpleasant with what they learn by eavesdropping.  

It seems to me that VOIP pushes this in a somewhat different direction, because it's probably easy for your high-speed internet access (maybe a wireless hop to a router that talks to a cable modem) to be eavesdropped by moderately technically savvy nosy neighbors, and because there are a lot of criminals who are using more technology, and will surely target VOIP if they think they can make any money off it.  

>Adam

--John Kelsey

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com