[smb at cs.columbia.edu: Skype security evaluation]

Joseph Ashwood ashwood at msn.com
Wed Nov 9 07:20:30 EST 2005


----- Original Message ----- 
From: "Marcel Popescu" <Marcel_Popescu at microbilt.com>
Subject: RE: [smb at cs.columbia.edu: Skype security evaluation]


>> From: owner-cryptography at metzdowd.com [mailto:owner-
>> cryptography at metzdowd.com] On Behalf Of Peter Gutmann

>> I can't understand why they didn't just use TLS for the handshake (maybe
>> YASSL) and IPsec sliding-window + ESP for the transport (there's a free
>> minimal implementation of this whose name escapes me for use by people 
>> who
>> want to avoid the IKE nightmare).

> Do you have some articles about these protocols?

The authoritative reference for TLS is the TLS RFC 
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec 
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why 
they wouldn't use these as they stand, synchronized protocols often require 
finer control over the data block size than these offer, but modification is 
easy enough, and would certainly have caused fewer concerns than a roll your 
own.
                    Joe 



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list