Phil Zimmerman and voice encryption; a Skype problem?

Adler, Joseph jadler at verisign.com
Thu May 25 12:26:59 EDT 2006 

Hi Paul,

You left out one option: that Tony Rutkowski was misquoted by the Times.
I checked with Tony, and this is, in fact, what happened. Here is his
full response:

------------------------------------------------------------------------
------------

Since the external security lists seem to be buzzing with discourse
about Phil Zimmerman's VoIP encryption product as covered by John
Markoff in the NY times on Monday, and my quote about German
capabilities to decrypt, let me explain the context and what was
actually said.

John (who I've known for several decades) called my cellphone Sunday
morning and said he was writing an article on Zimmerman's software and
his making it available, and asked from a CALEA standpoint, whether this
was covered.  I explained that the recent FCC CALEA orders on VoIP
presently exempted P2P VoIP, so that Zimmerman's product was outside the
requirements.  In multiple roles, including formal filings and legal
forums, I deal with this subject all the time.

I also mentioned, however, that CALEA requirements exist worldwide, and
that German officials at a recent Cyprus standards conference on lawful
interception had stated that they "have a Skype solution."  I explained
to John that most other countries have far more extensive CALEA like
requirements, and that Germany among others were likely to impose their
"solutions."

In the article that was published, my domestic coverage explanation was
attributed to someone else, and my "German solution" explanation was
morphed into a statement that they can decrypt Skype content.   The
context of the actual discussion, however, was regulatory requirements.
Whether the German government can or cannot decrypt Skype content is not
known, and indeed the details of their regulatory requirements are also
unknown.

--tony

-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of Paul Hoffman
Sent: Monday, May 22, 2006 8:19 AM
To: Steven M. Bellovin; cryptography at metzdowd.com
Subject: Re: Phil Zimmerman and voice encryption; a Skype problem?

At 10:19 AM -0400 5/22/06, Steven M. Bellovin wrote:
>There's an article in today's NY Times (for subscribers, it's at 
>http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=1&oref=s
>login ) on whether Phil Zimmerman's Zfone -- an encrypted VoIP package 
>-- will invite government scrutiny.  There doesn't seem to be any 
>imminent threat in the U.S.; the one concrete example mentioned -- the 
>British plan to give police the power to compel individuals to disclose

>keys -- doesn't threaten Zfone, because it uses Diffie-Hellman for 
>(among other things) perfect forward secrecy and doesn't even have any 
>long-term keys.  (See draft-zimmermann-avt-zrtp-01.txt for protocol 
>details.)
>
>The fascinating thing, though, was this sentence near the end of the
>article:
>
>	But at a conference last week in Cyprus, German officials said
>	they had technology for intercepting and decrypting Skype phone
>	calls, according to Anthony M. Rutkowski, vice president for
>	regulatory affairs and standards for VeriSign, a company that
>	offers security for Internet and phone operations.
>
>The Berson report says that Skype uses AES-256.  NSA rates that as 
>suitable for Top Secret traffic, so it's presumably not the cipher.
>Berson analyzed a number of other possible attack scenarios; the only 
>one that seems to be possible is an active attack plus forged
certificates.
>If Berson's analysis was correct -- and we all know how hard it is to 
>verify cryptographic protocols -- that leaves open the possibility of a

>protocol change that implemented some sort of Clipper-like
functionality.

Please don't forget that the VeriSign spokesperson may be mistaken, or
purposely lying (possibly in order to drum up business for the company).
Neither would be a first for VeriSign.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list