Can Skype be wiretapped by the authorities? (fwd from em at

Thomas Shaddack shaddack at
Sun May 9 14:49:40 PDT 2004

On Sun, 9 May 2004, Eugen Leitl wrote:

> Not only that: NATted agents cannot be "called" unless they first register
> with some reflector on the open Internet. And centralized reflectors are,
> again, easy to attack, and also expensive to operate, as the bandwidth
> requirements are substantial (all the traffic flows through them): see
> e.g. John Walker's analysis of the reasons that led him to abandon
> SpeakFreely at .
> Thomas Shaddack suggested to leverage on Jabber, but:
> 1. Jabber uses TCP as transport, and therefore can't be efficiently used
> as transport for telephony, i.e. using encapsulation of the voice packets
> in the Jabber protocol in order to traverse NAT devices.

Oh! There is a little misunderstanding here!

I proposed using Jabber for the presence/location/directory thing, and for
negotiation between the clients about what method to use, if they can do
direct peer-to-peer call or have to use a reflector (and what one), what
cipher and key to use, etc. - the Jabber protocol is rather unsuitable for

> 2. Jabber is based on a client-server paradigm similar to e-mail. Running
> a Jabber server requires an always-on machine with its own domain name;
> and, although dynamic DNS can help, the model again tend to be
> hierarchical, easy to attack etc. That pretty much rules it out also for
> session initiation, directory/presence etc.

That's true - but it can be implemented with relative ease, with lots of
infrastructure already existing. Next generation of the system then can
be built atop this.

> The beauty of Skype, encryption aside, is that it's based on an overlay
> network solely based on P2P servents, relies (if their FAQ tells the
> truth) upon NO central registry for presence and directory services, and
> each client that runs non-NATted can transparently act as reflector
> supporting NATted users. Plus, all this (including, besides voice,
> text-based instant messaging) works with zero configuration with an
> idiotproof UI.

But it's closed-source and so can't be fully trusted :(

More information about the cypherpunks-legacy mailing list