P2P Encrypted VOIP

Mon Oct 13 16:22:02 PDT 2003

> Here's the Privacy section from the Skype FAQ:
> http://www.skype.com/help_faq.html

Skype has been discussed a bit.  The big problems are
- It's a proprietary protocol they're not documenting,
        so there's no way to tell if it would be any good
        if they've implemented it properly, and
- It's not an open-source implementation, so you can't
        inspect it to see if they _have_ implemented it well, and
- The fact that they'd do either one of those things
        doesn't suggest that they're sensitive to cryptographic concerns,
        and therefore suggests that they're likely to have screwed up, and
- They talk about end-to-end encryption but don't mention key exchange
        or user authentication, which says that at least their
        documentation and PR folks don't have a clue, and
- The fact that they're using proprietary protocols says that they
        won't have an easy time finding commercial off-the-shelf equipment
        to build gateways to the public network, so they'll be less useful,
        and other people won't be able to develop cooperative products,
        unlike all the SIP and H.323 periphery that people are developing,
        but- other than that, it sounds like it could be an interesting system,
        and we could use some interesting user relationship models.