Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on skype

From: David Farber <dave () farber net>
Date: Fri, 19 Aug 2005 17:01:21 -0400


Begin forwarded message:

From: Stephan Somogyi <ip045 () st gyroscope net>
Date: August 19, 2005 3:46:39 PM EDT
To: btm () templetons com, dave () farber net
Subject: Re: [IP] more on skype


Gentlemen,
I don't want to try your patience by keeping this thread going beyond its useful lifespan, but I've been out of pocket for a few days and wanted to at least reply since Brad's note went out to IP at large.
Dave, feel free to send this out to IP if you feel it has sufficient merit. 



From: Brad Templeton <btm () templetons com>
Brad, your facile framing of my previous missive as a rant veers distressingly near ad hominem. I'd like to think that we're primarily interested in using reason and scientific method to get to the bottom of actual issues.
By all means disagree with me on the basis of hard data, but, well, sticks and stones.
Not only could this not be more wrong, it is this not uncommon view that have given us the encrytion regime we have today -- namely almost none of the world's traffic is encrypted, in the name of this concept that somehow this is better than encryption of unknown quality.
There is an abundance of encryption in use today where it's needed. The use of encryption is also measurably on the rise as regulatory pressures worldwide force businesses to use more of it.
Those of us selling crypto -- I work at a firm that develops encryption products, so I have first-hand knowledge of what's actually happening out there right now -- compete on the quality of our implementations as well as our ability to make them easy to use. Those who need crypto definitely care about quality, and have objective metrics for measuring cryptographic goodness.
Encryption of unknown quality is useful only to the dilettante. It's a nice to have rather than a gotta have.
I want the airbags in my car designed by an airbag expert, not a balloon expert with an interest in airbags. The latter may well be considered maximally skilled at inflating things, but the two modes of inflation are radically different and the ramifications of making a mistake are as well.
It's not that I don't wish Skype's protocols were available for scrutiny. I do wish that, and I would have more faith in them if they were. But that's _more_ faith, not a jump from 0% faith to 99% faith. 



Unfortunately, faith-based crypto doesn't meet the needs of many.
One of the use cases that frequently occupies me is that of human rights workers, whose health and sometimes lives depend on the quality of the crypto they use. It troubles me greatly to hear anyone -- especially someone viewed as authoritative and technology-savvy -- assert within earshot of people who really need good crypto that unproven crypto is good enough.
Skype's protocols have been examined by those skilled at cryptanalysis, and so far no announced window into them has been found.
Can you please provide a cite? The only published analysis I'm aware of is Simson's, and his paper is very clear that he was unable to analyze the quality of the crypto.
This is not everything but it is not nothing. And since I personally know Skype's funders and know them to be men of honour, I have reasonable confidence that there would not be deliberate backdoors in the system.
I would also be surprised and dismayed if there were deliberate backdoors in Skype, but I took care not to imply malice aforethought with my previous comments by using WEP as an example.
WEP was a case of well-intentioned engineers constructing a system that appeared superficially secure to the security layperson, and subsequently turned out to be not so secure after all.
But in spite of the rant above, Skype has done more to deliver encryption into the hands of the masses than just about anybody. 



Hyperbole.
ATMs have delivered more crypto to the masses in the form of teller machines and the occasional bit of encrypted data on an ATM card than Skype has. 

DVDs and their players also put plenty of crypto out into the world.
I'm sure you can also come up with lots of examples of mass crypto use that vastly outnumber Skype's numbers. 



Skype did this by doing ZUI encryption (Zero user interface.)  Most of
the users of Skype are not aware or barely aware of the encryption.
And this is precisely how it should be. But I want zero user interface on top of encryption that meets objective quality benchmarks, rather than on top of unsubstantiated buzzwords. Security is more important than convenience to me, and in this case there's no reason to forfeit security for ease of use if Skype does their job right.
And they encrypt by default. Frankly, today, use of PGP or other encryption software singles you out as somebody who cares. Use of encryption by you in Skype signifies nothing. 



I agree.
Encryption products should be strong, and should be subject to scrutiny and verified. But they should also be used in the real world to encrypt things! 



I couldn't agree more.
I don't think that applying the adjective "encrypted" to a piece of technology makes it inherently good, trustworthy, or superior to one lacking that particular descriptor.
When I want security, I look for objective criteria by which to evaluate a solution, as well as the founded opinions of domain experts, and I measure this against the threat I'm trying to mitigate.
In the case of voice encryption, I'm looking forward to Phil Zimmermann's zFone <http://www.philzimmermann.com/EN/zfone/ index.html>, since, true to form, he intends to release both source code and protocol specs for peer review.
Making one's implementation available for peer review is a best practice, one that Skype persists in not following.
Rather than lauding them for style over substance, I would've hoped that you would use your position as Chairman of the EFF to encourage them to give us a concrete reason to know they are trustworthy. Instead, Skype just points us at platitudes, eg <http:// support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=145>.
Skype needs to put up or shut up. If their security benefits from obscurity rather than sunshine, then that tells us plenty about its quality. 

s.
P.S. I should note that I do use Skype occasionally, but never for conversations that I wouldn't mind being overhead having in an outdoor cafe. I use it mainly because of its very aggressive means of evading multiple NATs and other network obstructions, which is also one of the reasons that many network security practitioners loathe and despite Skype. 


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: