[18878] in cryptography@c2.net mail archive
Re: [smb@cs.columbia.edu: Skype security evaluation]
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Wed Nov 9 09:47:06 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: "'Cryptography'" <cryptography@metzdowd.com>
Date: Wed, 9 Nov 2005 04:20:30 -0800
----- Original Message -----
From: "Marcel Popescu" <Marcel_Popescu@microbilt.com>
Subject: RE: [smb@cs.columbia.edu: Skype security evaluation]
>> From: owner-cryptography@metzdowd.com [mailto:owner-
>> cryptography@metzdowd.com] On Behalf Of Peter Gutmann
>> I can't understand why they didn't just use TLS for the handshake (maybe
>> YASSL) and IPsec sliding-window + ESP for the transport (there's a free
>> minimal implementation of this whose name escapes me for use by people
>> who
>> want to avoid the IKE nightmare).
> Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand, synchronized protocols often require
finer control over the data block size than these offer, but modification is
easy enough, and would certainly have caused fewer concerns than a roll your
own.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
