[smb at cs.columbia.edu: Skype security evaluation]
Joseph Ashwood
ashwood at msn.com
Wed Nov 9 07:20:30 EST 2005
----- Original Message -----
From: "Marcel Popescu" <Marcel_Popescu at microbilt.com>
Subject: RE: [smb at cs.columbia.edu: Skype security evaluation]
>> From: owner-cryptography at metzdowd.com [mailto:owner-
>> cryptography at metzdowd.com] On Behalf Of Peter Gutmann
>> I can't understand why they didn't just use TLS for the handshake (maybe
>> YASSL) and IPsec sliding-window + ESP for the transport (there's a free
>> minimal implementation of this whose name escapes me for use by people
>> who
>> want to avoid the IKE nightmare).
> Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand, synchronized protocols often require
finer control over the data block size than these offer, but modification is
easy enough, and would certainly have caused fewer concerns than a roll your
own.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list