----- Original Message -----
From: "Marcel Popescu" <[EMAIL PROTECTED]>
Subject: RE: [EMAIL PROTECTED]: Skype security evaluation]
From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann
I can't understand why they didn't just use TLS for the handshake (maybe
YASSL) and IPsec sliding-window + ESP for the transport (there's a free
minimal implementation of this whose name escapes me for use by people
who
want to avoid the IKE nightmare).
Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand, synchronized protocols often require
finer control over the data block size than these offer, but modification is
easy enough, and would certainly have caused fewer concerns than a roll your
own.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
