Re: P2P Encrypted VOIP
Here's the Privacy section from the Skype FAQ: http://www.skype.com/help_faq.html Skype has been discussed a bit. The big problems are - It's a proprietary protocol they're not documenting, so there's no way to tell if it would be any good if they've implemented it properly, and - It's not an open-source implementation, so you can't inspect it to see if they _have_ implemented it well, and - The fact that they'd do either one of those things doesn't suggest that they're sensitive to cryptographic concerns, and therefore suggests that they're likely to have screwed up, and - They talk about end-to-end encryption but don't mention key exchange or user authentication, which says that at least their documentation and PR folks don't have a clue, and - The fact that they're using proprietary protocols says that they won't have an easy time finding commercial off-the-shelf equipment to build gateways to the public network, so they'll be less useful, and other people won't be able to develop cooperative products, unlike all the SIP and H.323 periphery that people are developing, but- other than that, it sounds like it could be an interesting system, and we could use some interesting user relationship models.
Re: P2P Encrypted VOIP
On Mon, 13 Oct 2003, Guerry Semones wrote: I caught the announcement this morning from Skype concerning their P2P-based VOIP (free) product. Apparently this is the Kazaa founder's new company. The communications are supposed to be encrypted, etc., etc. This was mentioned on a SepakFreely list as well. In short: Platform-locked (Windows-only). Closed-source (dubious crypto implementation). Proprietary technology (compatible only with itself). Vendor-dependence. The P2P-ness is a good idea, though. Why don't publish contact information in eg. Gnutella, as a small text (eg. XML) file, searchable by name? It shouldn't be impossible to write a helper program for SpeakFreely to access those. Several methods are possible, including yellow-pages servers in a DNS-like system; employing more than one at once could make it robust enough for practical use. Alternatively, why don't use an IM-like infrastructure for the call negotiations? Could we use IM of sort to set up the call? Combination of SpeakFreely with Jabber could solve most of the problems, from the contact publishing (where the phone number could equal the Jabber ID) to connection negotiation itself (where Jabber can provide the backbone for the signalling, telling each side the IP on which the communication partner resides, or if there is NAT involved and what measure to use then). Something principially similar to users telling each other over Jabber how to set the VoIP software, but automated. Jabber protocol is well-documented, clients exist for next to everything, next to everybody can run a server. Opinions, comments?
P2P Encrypted VOIP
I caught the announcement this morning from Skype concerning their P2P-based VOIP (free) product. Apparently this is the Kazaa founder's new company. The communications are supposed to be encrypted, etc., etc. Here's the Slashdot article: http://slashdot.org/article.pl?sid=03/10/13/1120202mode=flattid=126tid=95tid=99 Here's the Privacy section from the Skype FAQ: http://www.skype.com/help_faq.html Guerry
