[VOIPSEC] So who is SKYPE listening to?
Michael Slavitch
slavitch at gmail.com
Thu Jun 22 08:56:27 CDT 2006
Here is some suggested reading: http://www.well.com/~theek/skype4e.pps
This is the talk I gave last week at their devcon. It's for public
consumption.
Regards
M
On 6/22/06, Simon Horne <s.horne at packetizer.com> wrote:
>
>
> Saw this on our Industry news feed.
>
> Skype to address identification concerns
>
> http://news.com.com/Skype+to+address+identification+concerns/2100-7352_3-6086360.html?tag=fd_nbs_ent&tag=nl.e433
>
> Quote
> One security concern for IT managers is that while Skype uses an encrypted
> public key infrastructure, it automatically authenticates users itself.
> This means that users cannot authenticate the identity of the people they
> are communicating with.
> "Skype is a public key infrastructure, which means nothing if you don't
> know who you are identifying at the other end," Sauer said.
> End Quote
>
> It seems even though some people have difficulty understanding the
> importance of caller (peer-entity) authentication, it appears that is has
> not been lost at SKYPE.
>
> Simon
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
More information about the Voipsec
mailing list