Stephen D. Williams
sdw at lig.net
Fri May 27 18:52:19 PDT 2016
The pre-Microsoft version of Skype used integral encryption that was generally considered to be unbroken.
Here, SSL isn't broken per se, but if someone sneaks in a CA certificate at the system level, which is common for Enterprise
situations, then Skype will quietly and automatically trust a man in the middle. That's not the expectation of users, but exactly
what Microsoft and people influencing Microsoft want.
Understandable, but not desirable by users.
On the other hand:
On 5/27/16 11:20 AM, Gregory Alan Bolcer wrote:
> If you use a localhost as the proxy which then handles the p2p encryption/decryption, it worked up until early 2k's. Encryptanet
> was all about crazy interceptions and redirections and frictionless content access.
> On 5/27/2016 11:16 AM, Stephen D. Williams wrote:
>> This is old, but still interesting. This illustrates why Skype was so
>> much less usable, and less secure, as a Microsoft product.
More information about the FoRK