X-Cypher, SIP VoIP, stupid propriatory crapola

Dave Howe DaveHowe at gmx.co.uk
Thu Jul 29 02:22:17 PDT 2004

Thomas Shaddack wrote:
> Sounds like an anonymous Diffie-Hellman session key, wrapped in marketing 
> bullshit. Usable, but susceptible to MITM.
Unless I am reading this wrong, it is much, much worse than that - it 
seems to say that, unless you are running your own server (which 
requires a DNS entry and server rights, etc), the session key is being 
generated at the central server and *issued* to the two parties - with 
all the third party compromise, LEAK order problems and sheer poor 
design issues that implies.
SIP *has* a crypto negotiation field in the protocol - why aren't they 
using that, instead of "rolling their own"?

More information about the cypherpunks-legacy mailing list