At 10:19 AM -0400 5/22/06, Steven M. Bellovin wrote:
There's an article in today's NY Times (for subscribers, it's at http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=1&oref=slogin ) on whether Phil Zimmerman's Zfone -- an encrypted VoIP package -- will invite government scrutiny. There doesn't seem to be any imminent threat in the U.S.; the one concrete example mentioned -- the British plan to give police the power to compel individuals to disclose keys -- doesn't threaten Zfone, because it uses Diffie-Hellman for (among other things) perfect forward secrecy and doesn't even have any long-term keys. (See draft-zimmermann-avt-zrtp-01.txt for protocol details.)The fascinating thing, though, was this sentence near the end of the article: But at a conference last week in Cyprus, German officials said they had technology for intercepting and decrypting Skype phone calls, according to Anthony M. Rutkowski, vice president for regulatory affairs and standards for VeriSign, a company that offers security for Internet and phone operations. The Berson report says that Skype uses AES-256. NSA rates that as suitable for Top Secret traffic, so it's presumably not the cipher. Berson analyzed a number of other possible attack scenarios; the only one that seems to be possible is an active attack plus forged certificates. If Berson's analysis was correct -- and we all know how hard it is to verify cryptographic protocols -- that leaves open the possibility of a protocol change that implemented some sort of Clipper-like functionality.
Please don't forget that the VeriSign spokesperson may be mistaken, or purposely lying (possibly in order to drum up business for the company). Neither would be a first for VeriSign.
--Paul Hoffman, Director --VPN Consortium --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
