On 8/1/09 14:10, D3|\||\|!$ wrote:
Hi All!
I am looking for real-time encryption methods/protocols for streaming
A / V / Text data. I plan to build an app similar to Skype
Skype has a demanding set of requirements, which are unusual and
unfamiliar to people. It is basically from the p2p school of thought,
rather than the PKI school of thought you will find here.
See ref at bottom as to where to ask about this.
It probably doesn't make sense to take the demanding requirements of a
Skype replacement as equivalent to "A / V/ Text" without a bit more
thought. If you really want to do A / V streaming, then that's where
you have to look, and get a lot closer to those apps.
It's not sufficient in these apps to say "oh just use datagrams", you
have to study the nature of the stream, get into the soul of the app.
From whatever research I did about Skype, I found the following
First mistake, ignore the numbers. Look at the protocol (which is
unknown :)
..... User public keys are certified by the
Skype server at login .... RSA certificates.
It is unlikely that they are "certified", more likely they are registered.
It has also set up its own CA for authentication. On first usage, a
client contacts Skype's master server which issues a certificate from
its indigenous CA.
I would be surprised if they were using certificates, there is no real
point, because the server isn't making a claim of any import.
Besides the above cryptographic algorithms, Skype has also implemented
its own proprietary key-exchange protocol which it uses for key
exchange. I guess they have borrowed most of the features of SSL and
implemented it according to their needs besides "fixing" its need for
a connection-oriented protocol.
I doubt they used SSL at all ... the primary uses are message based, the
error handling is higher layer, and the "identity" handling is
opportunistic, to use a euphimism.
(I thought they based their design on their previous work with Kazaa.)
The question is, can we use IPSec to secure UDP data communication??
If yes, HOW?? (since using TCP to transport A / V data would cause
huge "delays".. So SSL is also out of question...)
IPSec is generally an O/S level thing, or? Probably worth reading about
but research p2p designs first.
One more option would be to use DTLS - I needed to know if NSS
supports DTLS... Have already developed apps with NSS.. so life could
be a lot more easier if NSS did support DTLS.. :D
IMHO, only, DTLS is a design to re-use as much of SSL technology as
possible, where this makes sense.
It is probably good to read DTLS at least, but before you do that, read
up on p2p designs.
Another option would be to use SSH but again, I'm not sure if it can
be used with UDP and also about its authentication methods. Comments
would be welcome.
Standard SSH cannot be used with UDP. I have a sort of prototype that
does UDP tunnelling using SSH (it was a hobby hacking project I did to
extend some UDP payments technology), I don't recall anyone else being
so daft & dotty.
Having said that ... again, I wouldn't use this general tool for a
specific application, especially one as demanding as faux-Skype.
Also, I'm looking for suitable forums/IRC channels to discuss the
topic more. Could the people here suggest me some???
Architecture is possibly the most fun thing, but this forum does not
really do architecture. The best place I know for this question is the
p2p list run by zooko:
http://lists.zooko.com/mailman/listinfo/p2p-hackers
There you will find a lot of people doing similar stuff, with a fair
scattering of people who've attacked similar problems.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
