Skype Video
mcr at xdsinc.net
mcr at xdsinc.net
Sun Nov 4 22:28:26 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Eric" == Eric Cyr <1ballistic1 at gmail.com> writes:
>> (and, fundamentally, that's what a "Rogers Home Phone" is..)
Eric> Yeah...Ever try getting them to admit they use VoIP? Denial
Eric> must be a lovely world to live in... ;)
AT&T TalkBroadband, at least, is CERTAINLY not SIP.
It's MGCP (aka "Megaco"). Read the Security Requirements of RFC3435.
Do AT&T run it over IPsec? No. Not secure.
Rogers Home Phone. Some of it is MGCP. Some SIP from what I can
understand. The cable modem people created a new way to key IPsec
connections based upon Kerberos. (And it isn't KINK either). That would
let them run MGCP safely, but it is not clear to (as someone who wrote
testing tools for this protocol) that Rogers (or any cableco) is
actually doing that.
What does this mean?
Anyone using AT&T TalkBroadband can have their calls intercepted and
directed to other parties. It also means that people can use your
account to make toll calls.
What are the security properties of Skype? Nobody knows.
- --
Michael Richardson <mcr at xdsinc.net>
XDS Inc, Ottawa, ON
Personal: http://www.sandelman.ca/mcr/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQDVAwUBRy5HiO0sRu40D6vCAQL63AX+O908LwPYEV5pyYqEoEu40rRvbhhmBBEv
MI9sFRR2XUSBDFjYLxzV5kOxdEcnr4kHfYLN/jCrH2IjlJr4OBMNXxr3LC73d1BB
sYv7Do1q27p3pgw69995ie0imqlQs8EJ91DLpO8Khe7Il3AhivyPIsXJaHcRzGiq
BoyyRCL3xk/ayd605tkcVpW/kz69QL1sDq0u1ShsfWIcY4GM6qv+vHQWMnYIDyub
qD3SauXaCO3lC0Lrwj1hCgHdHQncpffk
=F6/f
-----END PGP SIGNATURE-----
More information about the ubuntu-ca
mailing list