At 12:45 PM 3/13/04 +0100, Eugen Leitl FORWARDED:
----- Forwarded message from Enzo Michelangeli <em@em.no-ip.com> -----
Skype claims to use RSA-based key exchange, which is good for multi-party conferencing but does not preserve forward secrecy. Maybe some variant of ephemeral D-H authenticated by RSA signatures, with transparent renegotiation every time someone joins the conference, could do the job
better.
RSA (ie persistant keys) may be an option but MUST NOT be required, for secrecy reasons as mentioned. (At worst RSA keys can be used once, then discarded. Lots of primes out there :-) Also, this is *voice*, ie biometric auth, so public-key-web-o-trust verislime scam is unnecessary at best. (Although for ringing up a business it might be a useful redundancy in case you misdial, and if there are introducers more trusted and perhaps liable than verislime)
But the thing I particularly would like to discuss here is if, and how, to leverage on existing P2P networks.
Get Real Networks or AOL or M$ to bundle a free, open secphone with their regular products. In AOL case you can exploit their "buddy" (aka traffic analysis) system for your directory services. I bet its suggested monthly. And shot down by managers who have been shown photos of their personal indiscretions taken by spooks. One could always implement a brand new
network, using Distributed Hash Table algorithms such as Chord or Kademlia,
We don't give a flying fuck as to which shiny new algorithm you use, although were we a graph theory wonk, we might care. but it would be much easier to rely from the very beginning upon
a large number of nodes (at least for directory and presence functionality, if not for the reflectors which require specific UDP code).
That would somehow repeat the approach initially adopted by Vocaltec when, in 1995, they launched their Iphone making use of IRC servers to
What the NAT world (yawn) needs is free registry services exploitable by any protocol. Those NAT-users with RSA-clue can sign their registry entry. publish
dynamic IP addresses. Incidentally, the IRC users community didn't particularly appreciate ;-), triggering the Great Iphone War, which quickly led Vocaltec to set up its own dedicated IRC servers.
Net was a smaller place in 95. A '95 machine didn't have MIPS to burn. Not so many broadband nodes. Bush was just an airhead redneck governor, not a rabid Caesar.