June 21, 2006 10:20 AM PDT
Skype to address identification concerns
- Related Stories
Skype software to ship on Dell laptopsMay 31, 2006
Skype bug may expose user dataMay 19, 2006
Skype offers free calling to phones in U.S., CanadaMay 15, 2006
Skype flaws open computers to attackOctober 25, 2005
Part of Skype's "wish list" for further expansion into the business market is to enhance username authentication for business customers, the voice over Internet Protocol company said Wednesday.
"There's a lot of leverage space in the identity segment," Kurt Sauer, chief security officer for Skype, told ZDNet UK.
One security concern for IT managers is that while Skype uses an encrypted public key infrastructure, it automatically authenticates users itself. This means that users cannot authenticate the identity of the people they are communicating with.
"Skype is a public key infrastructure, which means nothing if you don't know who you are identifying at the other end," Sauer said.
The company is researching ways users can authenticate each other, including looking at so-called "ring of trust" models, where a certification authority (CA) establishes the identity of users. Once user identity has been established, the person is added to the ring of trust by being issued a certificate from the CA.
The company on Wednesday admitted that identity authentication was a problem for Skype, but denied it was a security issue.
"Identity authentication is more of a usability problem," Michael Jackson, director of operations for Skype, told ZDNet UK. Skype "is not usable for a 10,000-user deployment at the moment. This is something we can build in."
Skype will attempt to address these concerns by boosting companies' ability to add and delete usernames for employees joining and leaving departments.
"If you have 200 people per department, managers want them to be automatically added on when they join, and taken off when they leave. It's these kinds of features that will appeal to larger businesses," Jackson said.
"We want functionality to be enabled or disabled on a policy basis, so Skype users can use (Skype) without invalidating business policy," Sauer added.
Skype is setting its sights on larger businesses, while continuing to focus on the consumer market. At the moment, Skype is not suitable for use in big businesses, according to Jackson.
"As we move up the quality ladder, appealing to 500-plus employee enterprises is essential. We want a tool you can use at home, take to work and not violate policy," Jackson said. "Our product is not suitable for a trading environment at the moment, but then there are rather few companies listening to their employees' conversations every day."
"One instant messaging company wanted to put Skype on a trading floor, and we said to them, 'This is probably not the right product for you,'" Sauer said.
Tom Espiner of ZDNet UK reported from London.
1 commentJoin the conversation! Add your comment