[VOIPSEC] Soft Phone Vulnerabilities
Michael Slavitch
slavitch at gmail.com
Wed Jun 14 13:44:44 CDT 2006
>
> Phil Zimmermann is the main creator of ZRTP. You really should credit
> him. Please change your web site to reflect this.
That's correct. Phil's work is what I refer to.
> Point 3: Unknown relays in Skype. Jon Callas rightly points out
> > that unknown relays in Skype cause a concern regarding sensitive
> > communications, and I agree with him.
>
> I didn't point this out at all. Please credit the proper person.
Deep down in the trail there was a mention of relays being a problem. Your
point was a CSO policy over NDA information going over Skype, and part of
the talk was about relaying. I'm not sure who to credit for as it's an
amalgam of many posts in a very long thread.
If the end-to-end security model passes the Berson sniff test the only
remaining 'security' problem is the relay, and that is addressed by using
preferred peers that are well-known and trusted. If the conversation is
hard encrypted the relay is the remaining issue, that issue being that the
relay knows that a conversation happened at a certain, even if it could not
capture the content. Selecting trusted relays solves that problem.
Regards,
Michael
More information about the Voipsec
mailing list