Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-02-07 Thread Dan Kaminsky
Actually it's not that bad: using SIP, the RTP packets can be protected by SRTP (RFC3711, with an opensource implementation from Cisco at http://srtp.sourceforge.net/ ) SRTP...heh. Take a look at RFC3711 for a second. Specification of a key management protocol for SRTP is out of scope here.

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-30 Thread John Kelsey
From: Adam Shostack [EMAIL PROTECTED] Sent: Jan 29, 2005 12:45 PM To: Mark Allen Earnest [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute But, given what people talk about on their cell phones and cordless phones, and what

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-30 Thread Adam Shostack
On Sun, Jan 30, 2005 at 11:12:05AM -0500, John Kelsey wrote: | From: Adam Shostack [EMAIL PROTECTED] | Sent: Jan 29, 2005 12:45 PM | To: Mark Allen Earnest [EMAIL PROTECTED] | Cc: cryptography@metzdowd.com | Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute | | But, given what

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-29 Thread Adam Shostack
On Fri, Jan 28, 2005 at 02:38:49PM -0500, Mark Allen Earnest wrote: | Adam Shostack wrote: | I hate arguing by analogy, but: VOIP is a perfectly smooth system. | It's lack of security features mean there isn't even a ridge to trip | you up as you wiretap. Skype has some ridge. It may turn out

Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread David Wagner
Adam Shostack [EMAIL PROTECTED] writes: On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | In article [EMAIL PROTECTED] you write: | Voice Over Internet Protocol and Skype Security | Is Skype secure? | | The answer appears to be, no one knows. The report accurately reports | that

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Adam Shostack
On Thu, Jan 27, 2005 at 03:22:09PM -0800, David Wagner wrote: | Adam Shostack [EMAIL PROTECTED] writes: | On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | | In article [EMAIL PROTECTED] you write: | | Voice Over Internet Protocol and Skype Security | | Is Skype secure? | | | | The

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Mark Allen Earnest
Adam Shostack wrote: I hate arguing by analogy, but: VOIP is a perfectly smooth system. It's lack of security features mean there isn't even a ridge to trip you up as you wiretap. Skype has some ridge. It may turn out that it's very very low, but its there. Even if that's just the addition of

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Florian Weimer
* David Wagner: I don't buy it. How do you know that Skype is more secure, let alone vastly more private? Maybe Skype is just as insecure as those other systems. For all we know, maybe Skype is doing the moral equivalent of encrypting with the all-zeros key, or using a repeating xor with a

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Adam Shostack
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | In article [EMAIL PROTECTED] you write: | Voice Over Internet Protocol and Skype Security | Simson L. Garfinkel | http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf | | Is

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Peter Gutmann
David Wagner [EMAIL PROTECTED] writes: Is Skype secure? The answer appears to be, no one knows. There have been other posts about this in the past, even though they use known algorithms the way they use them is completely homebrew and horribly insecure: Raw, unpadded RSA, no message

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Chris Palmer
People may already have seen this, but maybe not. Another Skype analysis: http://www.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf -- Chris Palmer Technology Manager, Electronic Frontier Foundation 415 436 9333 x124 (desk), 415 305 5842 (cell) 81C0 E11D CE73

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Joseph Ashwood
- Original Message - From: David Wagner [EMAIL PROTECTED] Subject: Simson Garfinkel analyses Skype - Open Society Institute In article [EMAIL PROTECTED] you write: Is Skype secure? The answer appears to be, no one knows. The report accurately reports that because the security

Simson Garfinkel analyses Skype - Open Society Institute

2005-01-11 Thread David Wagner
In article [EMAIL PROTECTED] you write: Voice Over Internet Protocol and Skype Security Simson L. Garfinkel http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf Is Skype secure? The answer appears to be, no one knows. The report accurately

Simson Garfinkel analyses Skype - Open Society Institute

2005-01-09 Thread Ian G
Voice Over Internet Protocol and Skype Security Simson L. Garfinkel January 7, 2005 With the increased deployment of high-speed (broadband) Internet connectivity, a growing number of businesses and individuals are using the Internet for voice telephony, a technique known as Voice over Internet