Skype - 3.0 beta Guide de l'utilisateur télécharger pdf (Page 15)

Skype Network Administrator’s Guide Skype 3.0 Beta 15

2006-10-31 Document version 2.0 Beta

The message that Skype transmits is intended to alert the recipient’s Skype client of two

things: first, the caller’s Skype client wants to connect, and second, it can’t connect

directly. The message also asks the recipient’s Skype client to try to establish a direct

connection in the opposite direction; in effect saying, “I can’t reach you directly, can you

reach me?”

If the Skype client can establish a direct connection using the reverse communication path,

then communication begins. The message content is transmitted directly from one Skype

client to the other.

However, if there is no way for the Skype clients to communicate directly with one

another, Skype will attempt to route the content of the communication through a relay host,

which is another kind of special node on the Skype network. Relay hosts are similar to

supernodes because they are regular Skype peer nodes that, under a particular set of

circumstances, take on additional responsibilities.

They are responsible for detecting Skype clients which are online, establishing connections

among them, and transmitting signaling messages to ensure encrypted traffic is routed

efficiently.

A relay host is similar to a supernode but, instead of operating as a temporary directory

index server for nearby peer nodes in the cluster, a relay host is not actually party to the

call. Instead, relay hosts simply provide an alternative path for Skype network traffic. In

other words, they are data-transfer stations that offer a clear path to connects Skype clients

which are unable to connect directly.

When this happens, both the caller’s and recipient’s Skype clients connect to the relay host.

In truth, the Skype network traffic is spread among multiple relay hosts for fault tolerance,

as well as to ensure call quality and call completion. And all of the relay hosts remain “in

play” for the duration of a specific session. They are dismissed when the communication is

complete.

To restate what has already been said, the reason that Skype transport-layer security is

essential in the Skype P2P architecture is that in order to complete a connection,

supernodes are always (and relay hosts may sometimes be) involved in communication

among Skype clients. The Skype security model prevents eavesdropping because all

communication between each pair of nodes, supernodes, and relay hosts is encrypted end

to end.

How Is Encryption Handled?

Skype relies on a system of public and private keys to ensure the contents of

communication are confidential. As stated earlier, all Skype network traffic is encrypted to

ensure privacy. This includes all signals used to control the Skype network, as well as

communications content; specifically, voice video, text, and data.

The use of strong encryption here means that it is not possible to know what information is

traveling in the Skype network among nodes, supernodes, or relay hosts.

The cryptographic model behind Skype employs both public-key and symmetric-key

cryptography, including the AES algorithm, used in 256- bit integer counter mode. Skype

also uses 1,024-bit RSA to negotiate symmetric AES keys. User public keys are certified

by the Skype server at login, using 1,536- or 2,048-bit RSA certificates.

At the moment the Skype clients establish a connection (but before an actual voice or video

call, text chat, or file transfer begins), each Skype client involved in the session presents

digital credential and must agree on an Advanced Encryption Standard (AES) encryption

key.

1 2 ... 10 11 12 13 14 15 16 17 18 19 20 ... 36 37

Commentaires sur ces manuels

Pas de commentaire

Skype - 3.0 beta Guide de l'utilisateur Page 15

Commentaires sur ces manuels

Produits connexes et manuels pour Logiciel Skype - 3.0 beta