----- Original Message ----- From: "Marcel Popescu" <[EMAIL PROTECTED]>
Subject: RE: [EMAIL PROTECTED]: Skype security evaluation]

From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann

I can't understand why they didn't just use TLS for the handshake (maybe
YASSL) and IPsec sliding-window + ESP for the transport (there's a free
minimal implementation of this whose name escapes me for use by people who
want to avoid the IKE nightmare).

Do you have some articles about these protocols?

The authoritative reference for TLS is the TLS RFC (http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why they wouldn't use these as they stand, synchronized protocols often require finer control over the data block size than these offer, but modification is easy enough, and would certainly have caused fewer concerns than a roll your own. Joe

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to