On 11/4/05, Morlock Elloi <morlockelloi@yahoo.com> wrote:
What is the threat model? Even ROT-13 would thwart casual listening on or data harvesting. If you to be secure then you use voice over IPSec, PGPhone or any of dozens of other solutions.
The idea that a commercial carrier can or should provide NSA-proof security boggles the mind. Nice masturbatory material though.
It's not too much to ask that Skype provide real security. It's no harder to do that than to offer fake security. And more to the point, this so-called security review should have been able to pinpoint these security weaknesses rather than running test vectors against its algorithms. (Granted, the review did in fact identify several weaknesses, but it appears to have glossed over others.) CP