[IP] more on skype

To: Ip Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on skype
From: David Farber <dave@xxxxxxxxxx>
Date: Fri, 19 Aug 2005 17:01:21 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <p06230901bf24314adf5e@[192.168.11.11]>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Stephan Somogyi <ip045@xxxxxxxxxxxxxxxx>
Date: August 19, 2005 3:46:39 PM EDT
To: btm@xxxxxxxxxxxxxx, dave@xxxxxxxxxx
Subject: Re: [IP] more on skype


Gentlemen,

I don't want to try your patience by keeping this thread going beyondits useful lifespan, but I've been out of pocket for a few days andwanted to at least reply since Brad's note went out to IP at large.

Dave, feel free to send this out to IP if you feel it has sufficientmerit.

From: Brad Templeton <btm@xxxxxxxxxxxxxx>

Brad, your facile framing of my previous missive as a rant veersdistressingly near ad hominem. I'd like to think that we're primarilyinterested in using reason and scientific method to get to the bottomof actual issues.

By all means disagree with me on the basis of hard data, but, well,sticks and stones.

Not only could this not be more wrong, it is this not uncommon viewthat have given us the encrytion regime we have today -- namelyalmost none of the world's traffic is encrypted, in the name ofthis concept that somehow this is better than encryption of unknownquality.

There is an abundance of encryption in use today where it's needed.The use of encryption is also measurably on the rise as regulatorypressures worldwide force businesses to use more of it.

Those of us selling crypto -- I work at a firm that developsencryption products, so I have first-hand knowledge of what'sactually happening out there right now -- compete on the quality ofour implementations as well as our ability to make them easy to use.Those who need crypto definitely care about quality, and haveobjective metrics for measuring cryptographic goodness.

Encryption of unknown quality is useful only to the dilettante. It'sa nice to have rather than a gotta have.

I want the airbags in my car designed by an airbag expert, not aballoon expert with an interest in airbags. The latter may well beconsidered maximally skilled at inflating things, but the two modesof inflation are radically different and the ramifications of makinga mistake are as well.

It's not that I don't wish Skype's protocols were available forscrutiny. I do wish that, and I would have more faith in them ifthey were. But that's _more_ faith, not a jump from 0% faith to99% faith.


Unfortunately, faith-based crypto doesn't meet the needs of many.

One of the use cases that frequently occupies me is that of humanrights workers, whose health and sometimes lives depend on thequality of the crypto they use. It troubles me greatly to hear anyone-- especially someone viewed as authoritative and technology-savvy --assert within earshot of people who really need good crypto thatunproven crypto is good enough.

Skype's protocols have been examined by those skilled atcryptanalysis, and so far no announced window into them has beenfound.

Can you please provide a cite? The only published analysis I'm awareof is Simson's, and his paper is very clear that he was unable toanalyze the quality of the crypto.

This is not everything but it is not nothing. And since Ipersonally know Skype's funders and know them to be men of honour,I have reasonable confidence that there would not be deliberatebackdoors in the system.

I would also be surprised and dismayed if there were deliberatebackdoors in Skype, but I took care not to imply malice aforethoughtwith my previous comments by using WEP as an example.

WEP was a case of well-intentioned engineers constructing a systemthat appeared superficially secure to the security layperson, andsubsequently turned out to be not so secure after all.

But in spite of the rant above, Skype has done more to deliverencryption into the hands of the masses than just about anybody.


Hyperbole.

ATMs have delivered more crypto to the masses in the form of tellermachines and the occasional bit of encrypted data on an ATM card thanSkype has.


DVDs and their players also put plenty of crypto out into the world.

I'm sure you can also come up with lots of examples of mass cryptouse that vastly outnumber Skype's numbers.

Skype did this by doing ZUI encryption (Zero user interface.)  Most of
the users of Skype are not aware or barely aware of the encryption.

And this is precisely how it should be. But I want zero userinterface on top of encryption that meets objective qualitybenchmarks, rather than on top of unsubstantiated buzzwords. Securityis more important than convenience to me, and in this case there's noreason to forfeit security for ease of use if Skype does their jobright.

And they encrypt by default. Frankly, today, use of PGP or otherencryption software singles you out as somebody who cares. Use ofencryption by you in Skype signifies nothing.


I agree.

Encryption products should be strong, and should be subject toscrutiny and verified. But they should also be used in the realworld to encrypt things!


I couldn't agree more.

I don't think that applying the adjective "encrypted" to a piece oftechnology makes it inherently good, trustworthy, or superior to onelacking that particular descriptor.

When I want security, I look for objective criteria by which toevaluate a solution, as well as the founded opinions of domainexperts, and I measure this against the threat I'm trying to mitigate.

In the case of voice encryption, I'm looking forward to PhilZimmermann's zFone <http://www.philzimmermann.com/EN/zfone/index.html>, since, true to form, he intends to release both sourcecode and protocol specs for peer review.

Making one's implementation available for peer review is a bestpractice, one that Skype persists in not following.

Rather than lauding them for style over substance, I would've hopedthat you would use your position as Chairman of the EFF to encouragethem to give us a concrete reason to know they are trustworthy.Instead, Skype just points us at platitudes, eg <http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=145>.

Skype needs to put up or shut up. If their security benefits fromobscurity rather than sunshine, then that tells us plenty about itsquality.

s.

P.S. I should note that I do use Skype occasionally, but never forconversations that I wouldn't mind being overhead having in anoutdoor cafe. I use it mainly because of its very aggressive means ofevading multiple NATs and other network obstructions, which is alsoone of the reasons that many network security practitioners loatheand despite Skype.



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] CEI's C:Spin - Dangers of World Internet Governance: Lessons from the Proposed Domain for Adult Content
Next by Date: [IP] Desperate need for volunteer PHP programmers at VerifiedVoting
Previous by thread: [IP] more on skype
Next by thread: [IP] more on more on YES YES TSA may loosen carry-on, shoe-removal, other rules
Index(es):
- Date
- Thread