On Mon, May 20, 2013 at 1:30 PM, Nico Williams <[email protected]> wrote: > On Mon, May 20, 2013 at 12:22 PM, Jeffrey Walton <[email protected]> wrote: >> The original Skype homepage (circa 2003/2004) claims the service is >> secure: "Skype calls have excellent sound quality and are highly >> secure with end-to-end encryption." >> (http://web.archive.org/web/20040701004241/http://skype.com/). > > Secure in what way though? Probably: relative to passive > eavesdroppers. As for LEA, forget it. (Nothing is secure w.r.t. LEA > that have jurisdiction, as ultimately there's the rubber hose.) Well, I take 'secure' to mean confidentiality and authenticity, including an authenticated key agreement. If we don't know who we are talking to, or someone else can listen in, or someone else can tamper, then its surely not secure by any reasonable definition.
For a typical user, they would probably take 'secure' to mean that only both users (the endpoints) can read the message, hear, the conversation, see the video, etc. I'm not sure how they would react to 'highly secure', other than its 'secure' plus some other good stuff they can't even imagine. >> The new web page does not even use the word >> (web.archive.org/web/20130426221613/http://www.skype.com/). > > So their advertising/terms changed. It appears so. In the US, I believe that's a Material Adverse Change and usually requires explicit notification (credit card issuers were especially bad about changing terms). Do any Skype users recall being informed the terms changed dramatically? There was a time the FTC would do something about it. In the end, does it matter since it appears there are only carrots and no sticks? Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
