(resent from other pki list, might be of interest) On 8/1/09 14:10, D3|\||\|!$ wrote: > Hi All! > > I am looking for real-time encryption methods/protocols for streaming > A / V / Text data. I plan to build an app similar to Skype
Skype has a demanding set of requirements, which are unusual and unfamiliar to people. It is basically from the p2p school of thought, rather than the PKI school of thought you will find here. See ref at bottom as to where to ask about this. It probably doesn't make sense to take the demanding requirements of a Skype replacement as equivalent to "A / V/ Text" without a bit more thought. If you really want to do A / V streaming, then that's where you have to look, and get a lot closer to those apps. It's not sufficient in these apps to say "oh just use datagrams", you have to study the nature of the stream, get into the soul of the app. > From whatever research I did about Skype, I found the following First mistake, ignore the numbers. Look at the protocol (which is unknown :) > ..... User public keys are certified by the > Skype server at login .... RSA certificates. It is unlikely that they are "certified", more likely they are registered. > It has also set up its own CA for authentication. On first usage, a > client contacts Skype's master server which issues a certificate from > its indigenous CA. I would be surprised if they were using certificates, there is no real point, because the server isn't making a claim of any import. > Besides the above cryptographic algorithms, Skype has also implemented > its own proprietary key-exchange protocol which it uses for key > exchange. I guess they have borrowed most of the features of SSL and > implemented it according to their needs besides "fixing" its need for > a connection-oriented protocol. I doubt they used SSL at all ... the primary uses are message based, the error handling is higher layer, and the "identity" handling is opportunistic, to use a euphimism. (I thought they based their design on their previous work with Kazaa.) > The question is, can we use IPSec to secure UDP data communication?? > If yes, HOW?? (since using TCP to transport A / V data would cause > huge "delays".. So SSL is also out of question...) IPSec is generally an O/S level thing, or? Probably worth reading about but research p2p designs first. > One more option would be to use DTLS - I needed to know if NSS > supports DTLS... Have already developed apps with NSS.. so life could > be a lot more easier if NSS did support DTLS.. :D IMHO, only, DTLS is a design to re-use as much of SSL technology as possible, where this makes sense. It is probably good to read DTLS at least, but before you do that, read up on p2p designs. > Another option would be to use SSH but again, I'm not sure if it can > be used with UDP and also about its authentication methods. Comments > would be welcome. Standard SSH cannot be used with UDP. I have a sort of prototype that does UDP tunnelling using SSH (it was a hobby hacking project I did to extend some UDP payments technology), I don't recall anyone else being so daft & dotty. Having said that ... again, I wouldn't use this general tool for a specific application, especially one as demanding as faux-Skype. > Also, I'm looking for suitable forums/IRC channels to discuss the > topic more. Could the people here suggest me some??? Architecture is possibly the most fun thing, but this forum does not really do architecture. The best place I know for this question is the p2p list run by zooko: http://lists.zooko.com/mailman/listinfo/p2p-hackers There you will find a lot of people doing similar stuff, with a fair scattering of people who've attacked similar problems. iang _______________________________________________ dev-tech-crypto mailing list dev-tech-cry...@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
