You know thats the second time you claimed skype was not end2end secure.
Did you read the skype independent security review paper that Ian posted a
link to?
http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf
It is cleary and unambiguously claimed that skype WAS end to end secure.
If you want to claim otherwise we're gonna need some evidence.
I know they provided certification of the user identity, but as they
provided the namespace its not clearly what else they could easily do,
without exposing users to fingerprints, x509 certificates (which are not
free) or PGP WoT. I dont think you can use that to make blanket statements
that it was never end2end secure.
Also you say there are now features which are incompatible. Really? What
features?
Adam
On Wed, May 22, 2013 at 06:57:09PM +0200, Florian Weimer wrote:
So, the review is not "invalid". And, even when Skype changes its
model, the review remains valid.
There are now features that are incompatible with the design sketched
in the report, such as user password recovery and call forwarding.
The key management never was end-to-end, and we'd view that somewhat
differently these days (I think).
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
