Ian G wrote:
Steven M. Bellovin wrote:
Really? You know that the public key you're talking to corresponds to
a private key held by the person to whom you're talking? Or is there
a MITM at Skype which uses a per-user key of its own?
yes, this is the optimisation that makes Skype work,
it is (probably) vulnerable to an MITM at the center.
Almost certainly though, the authorities of whatever government holds a VoIP hub
are going to start insisting that traffic is interceptable at that hub. of
course with SIP, unless you are proxying both ends, you are doing direct
client-to-client links anyhow (so any crypto must be e2e, by definition); again
however, unless there is some sort of PK retention in place, mitm attacks and
attacks on the initial key negotiation are possible.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
