X-Cypher, SIP VoIP, stupid proprietary crapola
Dave Howe
DaveHowe at gmx.co.uk
Thu Jul 29 02:22:17 PDT 2004
Thomas Shaddack wrote:
> Sounds like an anonymous Diffie-Hellman session key, wrapped in marketing
> bullshit. Usable, but susceptible to MITM.

Unless I am reading this wrong, it is much, much worse than that - it
seems to say that, unless you are running your own server (which
requires a DNS entry and server rights, etc), the session key is being
generated at the central server and *issued* to the two parties - with
all the third party compromise, LEAK order problems and sheer poor
design issues that implies.

SIP *has* a crypto negotiation field in the protocol - why aren't they
using that, instead of "rolling their own"?
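
The two key-establishment models contrasted in this message, as an added example that is not part of the original post and not X-Cypher's code: it shows who ends up holding the session key when a server issues it versus when endpoints run anonymous Diffie-Hellman, and how an out-of-band fingerprint comparison exposes a substituted key. The group parameters, function names and fingerprint scheme are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption); real systems use a
# standardized 2048-bit+ MODP group or an elliptic curve.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # Hash the raw DH value into a 32-byte session key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def server_issued():
    """Central server generates the session key and issues it to both parties."""
    key = secrets.token_bytes(32)
    return {"alice": key, "bob": key, "server_knows": {key}}

def anonymous_dh(relay_is_active):
    """Endpoints run unauthenticated DH through a relay they do not control."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not relay_is_active:
        # A passive relay only forwards public values and learns no key.
        return {"alice": dh_shared(a_priv, b_pub),
                "bob": dh_shared(b_priv, a_pub),
                "server_knows": set()}
    # An active relay swaps in its own public value in each direction,
    # so each endpoint unknowingly agrees a key with the relay.
    m_priv, m_pub = dh_keypair()
    return {"alice": dh_shared(a_priv, m_pub),
            "bob": dh_shared(b_priv, m_pub),
            "server_knows": {dh_shared(m_priv, a_pub), dh_shared(m_priv, b_pub)}}

def fingerprints_match(session):
    """Out-of-band check: the users compare a short hash of their keys."""
    def fp(key):
        return hashlib.sha256(b"fingerprint" + key).hexdigest()[:8]
    return fp(session["alice"]) == fp(session["bob"])

def server_can_decrypt(session):
    """True if the intermediary holds a key either endpoint is using."""
    return bool(session["server_knows"] & {session["alice"], session["bob"]})
```

With a server-issued key the fingerprints always match, so the endpoints have no check that can reveal the server's copy; with anonymous DH a substituted key at least shows up as a fingerprint mismatch.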