bill.stewart at pobox.com
Wed Nov 19 17:30:49 PST 2003
> If and when this is accomplished the source could then be used,
> if it can't already, for PC-PC secure communications.
> A practical replacement for SpeakFreely may be at hand.
> The limitation of either direct phone or ISDN connection requirement
> is a problem though.
While the phone hardware is EU3500/pair, the Windows software is free -
we'll see if they've set it up in a way that PC-to-PC connections work.
I'm also interested in the question of whether they've learned some of
the technical lessons that the SpeakFreely project learned
(e.g. NAT, delay accumulation from TCP, tuning for Windows perfomance.)
While this phone isn't Free Software in the RMSically-correct sense
or even the BSD "leave our name on it and don't sue us" sense,
it's at least openly published for inspection, though unless the
programming environment that it supports is very resticted,
the "compile the code and compare the binaries" approach is pretty lame,
since optimizing compilers tend to make it difficult.
Skype is a non-starter from a security perspective -
too many proprietary parts, apparently including codecs,
closed source, documentation written by people who don't understand
cryptographic security beyond the buzzword level on a team that's
small enough that you'd expect that that implies the coders don't either.
On the other hand, if it gets more than 15 minutes of fame worth of use,
it may be an interesting experiment in user interface and architecture,
which somebody else could use with better crypto and policies.
More information about the cypherpunks-legacy