On Sat, 18 May 2013, Adam Back wrote: > Would you expect microsoft IIS web server to contain an SSL backdoor? Or > microsoft VPN client? Or cisco?
Of course they contain backdoors. It's clear from the the US political and Congressional reaction to the revelations of large-scale NSA domestic spying that the US political system strongly supports having such backdoors. The fact that various wiretap laws may appear to forbid using backdoors to snoop (or maybe even putting in the backdoors in the first place, I'm not sure) doesn't seem to have landed any AT&T executives in jail yet (to put it mildly). We have a fair number of historical data points on what happens when a national government approaches a company-making-communications-equipment to ask for a backdoor. The general pattern seen for well over a century (hints: subocean telegraph cables, telegrams, Crypto AG, Peter Wright's "Spycatcher") is that the company puts in the backdoor. Exceptions to this pattern are rare. > A lot of businesses and individuals are > relying on these things to do what is advertised. Not doing what is > advertised can itself get companies in trouble, in many jurisdictions. > Skype has/had as a differentiator that it was end2end encrypted, it is my > impression that a number of people used it for that purpose. Yes, many people are foolish enough to believe advertising. The contrast between what the advertising says and what (little) the EULA shrink-wrap license text actually promises is IMHO quite instructive... As always in computer security, your threat model is crucial. If your threat model is shakedowns by local thugs, then Skype is probably a lot more secure than an endpoing running any flavor of Windows. If your threat model is having the NSA keyword-scan your conversation, then Skype is about as (in)secure as a phone conversation, and Skype IMs are about as (in)secure as cellphone SMSs. -- -- "Jonathan Thornburg [remove -animal to reply]" <[email protected]> Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA on sabbatical in Canada starting August 2012 "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
