[18311] in cryptography@c2.net mail archive
Re: e2e all the way (Re: Another entry in the internet security hall
daemon@ATHENA.MIT.EDU (Dave Howe)
Sat Aug 27 16:52:01 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 27 Aug 2005 18:26:13 +0100
From: Dave Howe <DaveHowe@gmx.co.uk>
To: Email@metzdowd.com,
List@metzdowd.com:Cryptography <cryptography@metzdowd.com>
In-Reply-To: <43101A6A.3000601@systemics.com>
Ian G wrote:
> Steven M. Bellovin wrote:
>> Really? You know that the public key you're talking to corresponds to
>> a private key held by the person to whom you're talking? Or is there
>> a MITM at Skype which uses a per-user key of its own?
> yes, this is the optimisation that makes Skype work,
> it is (probably) vulnerable to an MITM at the center.
Almost certainly though, the authorities of whatever government holds a VoIP hub
are going to start insisting that traffic is interceptable at that hub. of
course with SIP, unless you are proxying both ends, you are doing direct
client-to-client links anyhow (so any crypto must be e2e, by definition); again
however, unless there is some sort of PK retention in place, mitm attacks and
attacks on the initial key negotiation are possible.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
