Friday, May 4, 2012

To all the tin foil hat wearers

I can't help but notice that the vast majority of people can't process a piece of news such as the one that was posted recently on this blog. To quote Lao Tzu: "Those who know do not speak; those who speak do not know", or something to that effect (sweet irony, for I am now speaking).

What are Skype supernodes? As explained in the Skype presentations given 6 years ago, Skype supernodes are a directory and routing service. They are basically the Yellow Pages of Skype: you send them your blobs, and you query them to get your contacts' blobs. If you are behind a NAT or firewall, they will route requests to you. Do they route voice calls (or IM)? No. Relay nodes take care of those if you can't communicate directly with the other end. The two roles are mutually exclusive: a node can't be a relay and a supernode at the same time. At this time, relays are still random machines in the "wild", and people from that "Skype Open Source Project" are full of shit.

Once again, as explained in Vanilla Skype, when you establish a session with a peer - through a relay or directly - each party sends to the other a half-AES key encrypted with the public RSA blob of the other party. Then the session is encrypted using that session key. This means that the end-to-end traffic is encrypted with a key that neither the supernode, nor the relay node, nor Skype knows, because they do *not* have your private RSA key. Does having centralized Supernodes ease wiretapping? No. Does it make the network more reliable, secure, and scalable? Most likely.
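The exchange described above, as an added sketch that is not Skype's code and not from the original post: each peer encrypts a 128-bit half-key to the other's RSA public key, and a node holding only its own private key cannot rebuild the session key. Assumptions: textbook RSA over small constructed primes so it runs on the standard library, the two halves are simply concatenated, and the function names are hypothetical; AES encryption of the traffic itself is left out.

```python
import secrets

E = 65537  # common RSA public exponent

# Constructed toy primes (Mersenne primes) so the example runs on the standard
# library alone. Real keys are far larger and use padding (e.g. OAEP).
P61, P89, P107, P127 = (2**k - 1 for k in (61, 89, 107, 127))

def keypair(p, q):
    """Textbook RSA: return (public, private) as (n, exponent) tuples."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, half):
    n, e = pub
    return pow(int.from_bytes(half, "big"), e, n)

def rsa_decrypt(priv, ct):
    n, d = priv
    m = pow(ct, d, n)
    # Keep the low 16 bytes: exactly the half-key when the right key is used.
    return m.to_bytes((n.bit_length() + 7) // 8, "big")[-16:]

def establish_session(a_pub, a_priv, b_pub, b_priv):
    """Both peers contribute a 128-bit half; return keys and what crossed the wire."""
    half_a, half_b = secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"a_to_b": rsa_encrypt(b_pub, half_a),   # only B's private key opens this
            "b_to_a": rsa_encrypt(a_pub, half_b)}   # only A's private key opens this
    # Assumption: the 256-bit session key is the two halves concatenated.
    key_a = half_a + rsa_decrypt(a_priv, wire["b_to_a"])
    key_b = rsa_decrypt(b_priv, wire["a_to_b"]) + half_b
    return key_a, key_b, wire

def relay_view(wire, relay_priv):
    """What a relay or supernode gets by applying its own private key."""
    return rsa_decrypt(relay_priv, wire["a_to_b"]) + rsa_decrypt(relay_priv, wire["b_to_a"])

if __name__ == "__main__":
    a_pub, a_priv = keypair(P127, P89)
    b_pub, b_priv = keypair(P107, P61)
    _, relay_priv = keypair(P89, P107)
    key_a, key_b, wire = establish_session(a_pub, a_priv, b_pub, b_priv)
    print("peers agree:", key_a == key_b)
    print("relay recovers key:", relay_view(wire, relay_priv) == key_a)
```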

Read the slides (part 1 & part 2). If you don't understand them, too bad, you are missing out.

Tuesday, May 1, 2012

Skype does away with random supernodes

A major change in the Skype network architecture occurred two or three weeks ago (at the time I wrote this), and has gone unnoticed as far as I know. The number of supernodes has dropped from 48k+ to 10k+, and all the supernodes are now hosted by Microsoft/Skype. Promotion of random eligible nodes to supernodes has stopped (through the setting of the global boolean 33h).

Ironically, those remaining supernodes run on grsec'ed Linux boxes (I hope Spender gets a sizeable donation from Microsoft). They can host a considerable number of clients, ~100000.

At the same time, the number of online Skype users jumped (http://skypejournal.com/blog/2012/04/23/skype-topped-41-5-million-concurrent-users-online-today-chart/) and can now reach 41M at peak hours.

This will likely ensure that former outages (http://articles.latimes.com/2010/dec/23/business/la-fi-skype-20101223) don't happen again, and gives MS better control over the network.

Edit: dead link, so here is the original graph from Skype Journal:
Edit: supernodes list as of May 1st 2012: http://pastebin.com/LgWsPUGe
Edit: Microsoft confirms (http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars):
As part of our ongoing commitment to continually improve the Skype user experience, we developed supernodes which can be located on dedicated servers within secure datacentres. This has not changed the underlying nature of Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes). We believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community.
I do think that this was the way to do things, and that their beliefs expressed in the last sentence are correct (if anyone cares what I think!). They didn't say how much they are going to give Spender though...