Ian G wrote:
Steven M. Bellovin wrote:
Really? You know that the public key you're talking to corresponds to a private key held by the person to whom you're talking? Or is there a MITM at Skype which uses a per-user key of its own?
yes, this is the optimisation that makes Skype work,
it is (probably) vulnerable to an MITM at the center.
Almost certainly though, the authorities of whatever government holds a VoIP hub are going to start insisting that traffic is interceptable at that hub. of course with SIP, unless you are proxying both ends, you are doing direct client-to-client links anyhow (so any crypto must be e2e, by definition); again however, unless there is some sort of PK retention in place, mitm attacks and attacks on the initial key negotiation are possible.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to