[126592] in cryptography@c2.net mail archive
Re: [Beowulf] Re: "hobbyists"
daemon@ATHENA.MIT.EDU (dan@geer.org)
Sat Jun 21 21:11:49 2008
From: dan@geer.org
To: Eugen Leitl <eugen@leitl.org>
cc: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: Your message of "Sat, 21 Jun 2008 15:11:26 +0200."
<20080621131126.GP9875@leitl.org>
Date: Sat, 21 Jun 2008 19:26:42 -0400
Eugen Leitl writes:
-+-----------------
| I think that's a wise decision. Skype is a giant black
| box. Fabrice Desclaux published a fair amount of
| cryptanalysis papers about Skype, each one more
| frightening than the previous ([1], [2] and [3])

My read on Skype is that they are doing a world-leading
job when it comes to avoiding vulnerabilities,
better, indeed, than the operating systems on which
they run.

One could call it a design weakness that to interface
with the plain old telephone system there has to be
a knowable, fixed in-the-clear peering to the POTS.
If I am a state actor or equivalent, I do not need
to bother myself with breaking VoIP crypto -- I just
insert some tool into the peering point where the
Skype caller reverts to the ordinary.

Yes, a state may be interested in two parties each
of whom has a Skype instance and thus the demodulation
for POTS does not occur, but two such parties, if
they really care, would do their own end-to-end
protections even if it is as simple as speaking
Navajo.

All hail Saltzer, Reed, and Clark.

--dan