Actually it's not that bad: using SIP, the RTP packets can be protected by
SRTP (RFC3711, with an opensource implementation from Cisco at
http://srtp.sourceforge.net/ )
SRTP...heh. Take a look at RFC3711 for a second.
"
Specification of a key management protocol for SRTP is out of scope
here.
- Original Message -
From: "Adam Shostack" <[EMAIL PROTECTED]>
To: "David Wagner" <[EMAIL PROTECTED]>
Cc:
Sent: Saturday, January 29, 2005 1:48 AM
Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute
[...]
> The 'vastly more secur
Ian Brown wrote:
I'd guess that many of the developing-world human rights groups funded
by OSI would have legitimate reason to worry about wiretapping
conducted by well-resourced opponents in their governments. They might
also discuss information on a secure communication facility that they
wou
I'd guess that many of the developing-world human rights groups funded
by OSI would have legitimate reason to worry about wiretapping conducted
by well-resourced opponents in their governments. They might also
discuss information on a secure communication facility that they would
avoid on a PST
>From: Adam Shostack <[EMAIL PROTECTED]>
>Sent: Jan 30, 2005 1:09 PM
>Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute
> That's a very interesting point. There are clearly times when it's
>the case. I suspect, with no data to back me
On Sun, Jan 30, 2005 at 11:12:05AM -0500, John Kelsey wrote:
| >From: Adam Shostack <[EMAIL PROTECTED]>
| >Sent: Jan 29, 2005 12:45 PM
| >To: Mark Allen Earnest <[EMAIL PROTECTED]>
| >Cc: cryptography@metzdowd.com
| >Subject: Re: Simson Garfinkel analyses Skype - Open
>From: Adam Shostack <[EMAIL PROTECTED]>
>Sent: Jan 29, 2005 12:45 PM
>To: Mark Allen Earnest <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com
>Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute
>But, given what people talk about on their cell ph
On Fri, Jan 28, 2005 at 02:38:49PM -0500, Mark Allen Earnest wrote:
| Adam Shostack wrote:
| >I hate arguing by analogy, but: VOIP is a perfectly smooth system.
| >It's lack of security features mean there isn't even a ridge to trip
| >you up as you wiretap. Skype has some ridge. It may turn out
* David Wagner:
> I don't buy it. How do you know that Skype is "more secure", let alone
> "vastly more private"? Maybe Skype is just as insecure as those other
> systems. For all we know, maybe Skype is doing the moral equivalent
> of encrypting with the all-zeros key, or using a repeating xor
Adam Shostack wrote:
I hate arguing by analogy, but: VOIP is a perfectly smooth system.
It's lack of security features mean there isn't even a ridge to trip
you up as you wiretap. Skype has some ridge. It may turn out that
it's very very low, but its there. Even if that's just the addition
of
On Thu, Jan 27, 2005 at 03:22:09PM -0800, David Wagner wrote:
| Adam Shostack <[EMAIL PROTECTED]> writes:
| >On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| >| In article <[EMAIL PROTECTED]> you write:
| >| >Voice Over Internet Protocol and Skype Security
| >| >Is Skype secure?
| >|
Adam Shostack <[EMAIL PROTECTED]> writes:
>On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
>| In article <[EMAIL PROTECTED]> you write:
>| >Voice Over Internet Protocol and Skype Security
>| >Is Skype secure?
>|
>| The answer appears to be, "no one knows". The report accurately repo
Joseph Ashwood wrote:
[Good analysis! Snipped...]
Working against them. The biggest thing working against them is that a
growing number of teenagers are using Skype (a significant portion of
Gunderson High School in San Jose, Ca actually uses Skype during
class, and has been busted by me for it
- Original Message -
From: "David Wagner" <[EMAIL PROTECTED]>
Subject: Simson Garfinkel analyses Skype - Open Society Institute
In article <[EMAIL PROTECTED]> you write:
Is Skype secure?
The answer appears to be, "no one knows". The report accurately r
People may already have seen this, but maybe not. Another Skype
analysis:
http://www.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
--
Chris Palmer
Technology Manager, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)
81C0 E11D CE73 4390
David Wagner <[EMAIL PROTECTED]> writes:
>>Is Skype secure?
>
>The answer appears to be, "no one knows".
There have been other posts about this in the past, even though they use known
algorithms the way they use them is completely homebrew and horribly insecure:
Raw, unpadded RSA, no message au
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| In article <[EMAIL PROTECTED]> you write:
| >Voice Over Internet Protocol and Skype Security
| >Simson L. Garfinkel
|
>http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
|
| >
In article <[EMAIL PROTECTED]> you write:
>Voice Over Internet Protocol and Skype Security
>Simson L. Garfinkel
>http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
>Is Skype secure?
The answer appears to be, "no one knows". The report acc
Voice Over Internet Protocol and Skype Security
Simson L. Garfinkel
January 7, 2005
With the increased deployment of high-speed ("broadband") Internet
connectivity, a growing number of businesses and individuals are using
the Internet for voice telephony, a technique known as Voice over
Internet
19 matches
Mail list logo
