[VOIPSEC] So who is SKYPE listening to?
Dustin D. Trammell
dtrammell at tippingpoint.com
Fri Jun 23 13:36:29 CDT 2006
On Fri, 2006-06-23 at 18:05 +0800, Simon Horne wrote:
> To be honest, adding PKI peer-entity authentication to SKYPE does not
> really "improve" security since the network is already closed. As was
> discussed previously with respect to current vendor specific VoIP islands
> in SIP, the real power of peer-entity authentication is when calling
> parties identify themselves in inter domain (inter VoIP Island) connections
> across an open internet, where there is no centralized "network" control
> and the trust is derived from a common third party. This is much more
> suited to the standard based protocols where businesses control their own
> networks.
>From all the press I've read regarding this, it was my impression that
the peer-entity authentication feature's intended audience was the
enterprise VoIP market. In that case, I would assume that each business
would essentially be it's own "VoIP island" within the overall Skype
service network. The feature would then be used to authenticate
businesses (or employees of those businesses) to each other. In the
scenario you mention above, the trusted third party who verifies
identities and issues certificates would essentially be Skype (the
company, not the service) acting as a root CA.
> I think you are going to have a hard sell trying to convince businesses
> that the best solution is to buy a server and donate it and all the
> bandwidth (at your expense) to SKYPE so it can be run into the ground
> proxying other (not related to your business) SKYPE users traffic.
I very much doubt they would pursue that business model. More likely
would be that Skype sells the businesses a set of appliances which
connect/trunk/supernode/whatever to the Skype service and are only used
for that company's VoIP traffic. They seem to be working toward viable
enterprise-level service offerings, so you can likely expect some
optimizations of their current service offerings.
--
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
More information about the Voipsec
mailing list