Re: [rtcweb] SRTP and "marketing"

"Timothy B. Terriberry" <tterriberry@mozilla.com> Thu, 29 March 2012 02:30 UTC

Return-Path: <tterriberry@mozilla.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A023821F862B for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 19:30:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLzkDshRvDzI for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 19:30:03 -0700 (PDT)
Received: from dm-mail03.mozilla.org (dm-mail03.mozilla.org [63.245.208.213]) by ietfa.amsl.com (Postfix) with ESMTP id D521E21F8624 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 19:30:03 -0700 (PDT)
Received: from [130.129.69.85] (dhcp-4555.meeting.ietf.org [130.129.69.85]) (Authenticated sender: tterriberry@mozilla.com) by dm-mail03.mozilla.org (Postfix) with ESMTP id 110244AEDD1 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 19:30:02 -0700 (PDT)
Message-ID: <4F73C929.9010900@mozilla.com>
Date: Wed, 28 Mar 2012 19:30:01 -0700
From: "Timothy B. Terriberry" <tterriberry@mozilla.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20120113 SeaMonkey/2.4.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F72D6B3.40803@bbn.com> <5D67671F-417C-4C78-A560-0B16AC65E4E2@acmepacket.com>
In-Reply-To: <5D67671F-417C-4C78-A560-0B16AC65E4E2@acmepacket.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] SRTP and "marketing"
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 02:30:04 -0000

Hadriel Kaplan wrote:
> As far as I know, you don't actually "know" that with Skype.  You assume it,
> because you trust Skype.  They could forge whatever identity they wanted to,
> and they can insert a recording middlebox if they wanted to, afaict.
> No one is concerned about that.  They also have skype-in/skype-out to/from

This is, of course, not true. See, for example, 
http://www.technologyreview.com/web/38379/

The relevant bit, for those who don't want to read the whole article: 
'"We met using Mumble [which is open-source, uses digital certificate 
authentication, and is regarded by Takriz as more secure than Skype].' 
(brackets in the original).

Which is not to say that Tunisian rebels never used Skype (the article 
mentions several instances where they did), but it is clearly inaccurate 
to say no one was concerned about it.