At 05:45 PM 11/20/2003 -0800, Bill Frantz wrote:
At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
>... There should be a means to cache credentials after an initial
>trust relationship between communicating parties has been established.
Cache entries would be a way for someone who obtains the pho
> From what I've gathered from the diagrams in [1], it seems to be using
> AES-256
> in counter-mode XORed together with Twofish counter-mode output, Twofish also
> being keyed with a 256 bit value. I sense paranoia here - but being paranoid
> myself sometimes I very much welcome this decision! Tho
On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:
> At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:
> > > > "We allow everyone to check the security for themselves, because
> > > > we're the only ones who publish the source code," said Rop Gonggrijp
> >
> >"We are currently performing a
At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
>Hmm.. Does this mean the users have to read of SHA-256 hash values to each
>other after the connection has been established? Oh. Right. It says "Readout
>hash based key authentication" on the left hand side of the spec.
You probably don't have to
> If and when this is accomplished the source could then be used,
> if it can't already, for PC-PC secure communications.
> A practical replacement for SpeakFreely may be at hand.
> The limitation of either direct phone or ISDN connection requirement
> is a problem though.
While the phone hardw
On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it can't
> already, for PC-PC secure communications. A practical replacement for
> SpeakFreely may be at hand. The limitation of either direct phone or ISDN
FYI I
On Wednesday 19 November 2003 05:33 pm, Dave Howe wrote:
> Steve Schear wrote:
> > No, but this may be of interest.
> > http://www.technologyreview.com/articles/wo_hellweg111903.asp
> >
> > Its closed source but claims to use AES.
>
> *nods*
> closed source, proprietory protocol, as opposed to SIP
Neil Johnson wrote:
> On Wednesday 19 November 2003 05:33 pm, Dave Howe wrote:
> SIP is just the part of the VoIP protocols that handling signaling
> (off-hook, dialing digits, ringing the phone, etc.). The voice data
> is handled by Real-Time Streaming Protocol (RTSP), one stream for
> each direct
At 12:59 PM 11/19/03 -0800, Steve Schear wrote:
>If and when this is accomplished the source could then be used, if it
can't
>already, for PC-PC secure communications.
They claim to be releasing code for PCs for free.
A practical replacement for
>SpeakFreely may be at hand. The limitation of eit
At 09:57 PM 11/19/2003 +, Dave Howe wrote:
Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it
> can't already, for PC-PC secure communications. A practical
> replacement for SpeakFreely may be at hand. The limitation of either
> direct phone or ISDN co
Steve Schear wrote:
> No, but this may be of interest.
> http://www.technologyreview.com/articles/wo_hellweg111903.asp
>
> Its closed source but claims to use AES.
*nods*
closed source, proprietory protocol, as opposed to SIP which is an RFC
standard (and interestingly, is supported natively by Win
At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:
> > "We allow everyone to check the security for themselves, because
> > we're the only ones who publish the source code," said Rop Gonggrijp
"We are currently performing a internal round of reviews with a expert
group of security researchers and cryp
Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it
> can't already, for PC-PC secure communications. A practical
> replacement for SpeakFreely may be at hand. The limitation of either
> direct phone or ISDN connection requirement is a problem though.
*nods
> > "We allow everyone to check the security for themselves, because
> > we're the only ones who publish the source code," said Rop Gonggrijp
"We are currently performing a internal round of reviews with a expert
group of security researchers and cryptographers. Depending on the results
of this re
On Wed, Nov 19, 2003 at 08:57:57AM -0500, Adam Shostack wrote:
> http://www.wired.com/news/technology/0,1282,61289,00.html?tw=wn_tophead_7
>
> > "We allow everyone to check the security for themselves, because
> > we're the only ones who publish the source code," said Rop Gonggrijp
> > at Amsterda
http://www.wired.com/news/technology/0,1282,61289,00.html?tw=wn_tophead_7
> "We allow everyone to check the security for themselves, because
> we're the only ones who publish the source code," said Rop Gonggrijp
> at Amsterdam-based NAH6. Gonggrijp, who helped develop the software,
> owns a stake
16 matches
Mail list logo