[VOIPSEC] So who is SKYPE listening to?
Simon Horne
s.horne at packetizer.com
Thu Jun 22 07:10:05 CDT 2006
Saw this on our Industry news feed.
Skype to address identification concerns
http://news.com.com/Skype+to+address+identification+concerns/2100-7352_3-6086360.html?tag=fd_nbs_ent&tag=nl.e433
Quote
One security concern for IT managers is that while Skype uses an encrypted
public key infrastructure, it automatically authenticates users itself.
This means that users cannot authenticate the identity of the people they
are communicating with.
"Skype is a public key infrastructure, which means nothing if you don't
know who you are identifying at the other end," Sauer said.
End Quote
It seems even though some people have difficulty understanding the
importance of caller (peer-entity) authentication, it appears that is has
not been lost at SKYPE.
Simon
More information about the Voipsec
mailing list