Ian G wrote:
Steven M. Bellovin wrote:
Really? You know that the public key you're talking to corresponds to
a private key held by the person to whom you're talking? Or is there
a MITM at Skype which uses a per-user key of its own?
yes, this is the optimisation that makes Skype work,
it is (
Steven M. Bellovin wrote:
Do I support e2e crypto? Of course I do! But the cost -- not the
computational cost; the management cost -- is quite high; you need
to get authentic public keys for all of your correspondents. That's
beyond the ability of most people.
I don't think it is that hard t
In message <[EMAIL PROTECTED]>, Adam Back writes:
>On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote:
>> In message <[EMAIL PROTECTED]>, Adam Back writes:
>> >Thats broken, just like the "WAP GAP" ... for security you want
>> >end2end security, not a secure channel to an UTP (untru
Adam Back wrote:
Well I think security in IM, as in all comms security, means security
such that only my intended recipients can read the traffic. (aka e2e
security).
I don't think the fact that you personally don't care about the
confidentiality of your IM messages should argue for not doing
On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]>, Adam Back writes:
> >Thats broken, just like the "WAP GAP" ... for security you want
> >end2end security, not a secure channel to an UTP (untrusted third
> >party)!
> >
>
> What is security? What