In the past we have discussed Skype a lot, and I've held it out as a
great example, possibly the leading example of *architecture*. Here's
some news on how its light is slowly dimming:
https://financialcryptography.com/mt/archives/001105.html
Also, here is a great resource for those who want to dig deeper:
http://www1.cs.columbia.edu/~salman/skype/
Which includes the independent evaluation of Skype's security that I
mentioned a few months back (but could not find). Here it is:
Skype Security Evaluation Report by Tom Berson
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
The pertinent comment here being that the approach demonstrated by Skype
is more or less conformant with Mozilla's own policy on CAs (and this
presents the motive for this off-topic post).
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
