by tptacek
5571 days ago
If I understand RTMFP (what I know I got from reading Cumulus, an open source C++ implementation), the security side of this is not thrilling me:

* It's Diffie-Hellman for key agreement, which is trivially MITM'd (odds are, you can even zero out the DH key and it won't notice).
* It uses AES in CBC mode with all-zeroes IVs (so it's less secure than CBC mode).
* It's using a 16 bit CRC for message integrity checks instead of a cryptographic MAC.

I say all this with the caveat that I could be misreading Cumulus or Cumulus could have it wrong, but if this is where RTMFP is today, then Sendoid is substantially less secure than an HTTPS file transfer site.
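Two of the three points above (the fixed all-zero IV and the CRC-16 integrity check) can be shown concretely. The following is an added example written for this page, not code from Cumulus, RTMFP or Sendoid. It assumes a stand-in block function built from HMAC-SHA256 in place of AES (so it runs on the Python standard library; the CBC chaining around it is textbook), a constructed pair of messages that share their first 16-byte block, and CRC-16/CCITT-FALSE as the CRC variant (an assumption, since the comment does not name one). The message bodies, key and frame layouts are constructed sample data.

```python
"""Why a zero IV in CBC mode leaks, and why a CRC is not a MAC.

Added illustration; the block cipher is a stand-in and the frame layout is invented.
"""
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES block function (assumption: a keyed PRF over one
    16-byte block, built from HMAC-SHA256 so the example needs no extra library)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC chaining over whole blocks (no padding, the demo inputs are aligned)."""
    assert len(plaintext) % BLOCK == 0, "demo expects block-aligned input"
    prev = iv
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        chained = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = block_encrypt(key, chained)
        out += prev
    return bytes(out)


def zero_iv_prefix_leak(key: bytes) -> tuple:
    """Returns (first blocks equal under zero IV, first blocks equal under random IVs).

    With a fixed IV, two messages that start with the same block produce the same
    first ciphertext block, so an observer learns that the plaintexts share a prefix.
    """
    msg_a = b"SHARED-HEADER-16" + b"payload-number-1"  # constructed sample messages
    msg_b = b"SHARED-HEADER-16" + b"payload-number-2"
    zero_iv = bytes(BLOCK)
    ct_a = cbc_encrypt(key, zero_iv, msg_a)
    ct_b = cbc_encrypt(key, zero_iv, msg_b)
    same_under_zero_iv = ct_a[:BLOCK] == ct_b[:BLOCK]
    ct_a2 = cbc_encrypt(key, os.urandom(BLOCK), msg_a)
    ct_b2 = cbc_encrypt(key, os.urandom(BLOCK), msg_b)
    same_under_random_iv = ct_a2[:BLOCK] == ct_b2[:BLOCK]
    return same_under_zero_iv, same_under_random_iv


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); check value for b"123456789" is 0x29B1."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def receiver_check_crc(frame: bytes) -> bool:
    """Receiver side: body followed by a 2-byte big-endian CRC (constructed frame layout)."""
    body, tag = frame[:-2], int.from_bytes(frame[-2:], "big")
    return crc16(body) == tag


def receiver_check_hmac(key: bytes, frame: bytes) -> bool:
    """Receiver side: body followed by a 32-byte HMAC-SHA256 tag, compared in constant time."""
    body, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)


def integrity_check_comparison(original: bytes, altered: bytes, key: bytes) -> dict:
    """Shows what each receiver check concludes when a frame body is changed in transit.

    A CRC is a public function, so anyone who can change the body can also produce a
    matching checksum; an HMAC tag cannot be produced without the shared key, so the
    altered frame can only carry the stale tag and fails verification.
    """
    crc_frame = original + crc16(original).to_bytes(2, "big")
    mac_frame = original + hmac.new(key, original, hashlib.sha256).digest()
    modified_crc_frame = altered + crc16(altered).to_bytes(2, "big")  # checksum recomputed
    modified_mac_frame = altered + mac_frame[-32:]                      # stale tag, no key
    return {
        "crc_accepts_modified": receiver_check_crc(modified_crc_frame),
        "hmac_accepts_modified": receiver_check_hmac(key, modified_mac_frame),
        "crc_accepts_original": receiver_check_crc(crc_frame),
        "hmac_accepts_original": receiver_check_hmac(key, mac_frame),
    }


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-32-bytes!!!"
    print("zero IV / random IV first-block collision:", zero_iv_prefix_leak(demo_key))
    print(integrity_check_comparison(b"file=a.bin size=1024", b"file=a.bin size=9999", demo_key))
```

The first function returns `(True, False)`: under the zero IV the two ciphertexts share their first block, under fresh IVs they do not. The second returns a CRC check that still passes after the body was changed and an HMAC check that does not, which is the difference between an error-detecting code and an integrity mechanism.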