[Beowulf] Re: "hobbyists"
dan at geer.org
Sat Jun 21 19:26:42 EDT 2008
Eugen Leitl writes:
-+-----------------
| I think that's a wise decision. Skype is a giant black
| box. Fabrice Desclaux published a fair amount of
| cryptanalysis papers about Skype, each one more
| frightening than the previous ([1], [2] and [3])

My read on Skype is that they are doing a world
leading job when it comes to avoiding vulnerabilities,
better, indeed, than the operating systems on which
they run.

One could call it a design weakness that to interface
with the plain old telephone system there has to be
a knowable, fixed in-the-clear peering to the POTS.
If I am a state actor or equivalent, I do not need
to bother myself with breaking VoIP crypto -- I just
insert some tool into the peering point where the
Skype caller reverts to the ordinary.

Yes, a state may be interested in two parties each
of whom has a Skype instance and thus the demodulation
for POTS does not occur, but two such parties, if
they really care, would do their own end-to-end
protections even if it is as simple as speaking
Navajo.

All hail Saltzer, Reed, and Clark.

--dan

---------------------------------------------------------------------
The Cryptography Mailing List