On 21/05/13 10:17 AM, ianG wrote:
http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf
Just because it is a superlative example of a clear statement, here is
what Tom said about their Security Policy:
1.2 Security Policy
A Security Policy defines what “security” means in the context of a
system and allows one to answer the question, “Is this system secure?” A
security policy is a great help to designers, implementers, operators,
managers, and users of a system. The Skype Security Policy is:
1. Skype usernames are unique.
2. Users or applications must present a Skype username and its
associated authentication credential (e.g., password) before they
exercise that username’s identity or privileges.
3. Each peer correctly provides the other with proof of its username and
privileges whenever a Skype session is established. Each verifies the
other’s proof before the session is allowed carry messages (e.g., voice,
video, files, or text).
4. Messages transmitted through a Skype session are encrypted from
Skype-end to Skype-end. No intermediary node, if any exist, has access
to the meaning of these messages.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography