edit: it looks like it would allow another software to show up as an Airport Express in iTunes, thus becoming the potential target of streaming audio over WiFi from iTunes. But am I right?
The Airport Express public key was previously known, which allowed anyone to write a program to stream audio to an Apple Airport Express. Now that the private key is known, anyone can write a program to receive audio from iTunes, or from another program that sends to Airport Express.
This means you will be able to easily send audio to other rooms in your house with something like XBMC running on a PC, nettop, or netbook.
edit: Just to clarify - previously you could do this:
iTunes -- stream to --> Apple Airport Express
3rd party software -- stream to --> Apple Airport Express
Now you can do this:
iTunes -- stream to --> 3rd party software/hardware
Speculation: If iTunes plays the role of the Fairplay DRM decoder and relied on the channel between iTunes and the Airplay device being encrypted to secure content would it now be possible to use the private key to masquerade as a capable Airplay device and dump a the stream pure and DRM free? Would this work for video enabled Airplay devices?
If so, Apple and this hacker are about to be lawyered hard by the MPAA.
It doesn't. The Airplay device receives ALAC (Apple lossless audio) data, so this doesn't get you anything that wasn't already easily available by other means.
Yes, provided you were the MitM, you could capture every song streamed. However, Apple is far more likely to be worried about someone writing an AirPlay emulator that keeps perfect copies on it's local hard drive. They probably built encryption in just to satisfy any possible media company objections about the copying of streamed media.
"Airfoil Speakers works pretty much like an AirPort Express from the point of view of Airfoil. It advertises its services over Bonjour, then uses the same AirTunes 2 protocol that Apple uses. However, despite using the same protocol, iTunes won’t talk to Airfoil Speakers. iTunes uses cryptographic authentication to ensure that it only talks to real AirPort Expresses, and we weren’t able to mimic that. Until Apple removes those checks, Airfoil Speakers will only work with Airfoil 3 and Airfoil for Windows."
IIRC, the traditional way around such legal ambiguity is for the project to offer a configuration variable akin to "input your favorite private key here." If the user is in a country which permits use of the AirPlay key, great, if not then the project can continue to operate as before. Either way, the project is indemnified because /they/ didn't provide the key.
"Now that the AirTunes private key is known, it could allow for 3rd party software to act like AirTunes devices.
If this for example would be implemented in XBMC, Plex, Boxee etc you could send audio from your IOS device straight to XBMC using IOS built-in Airplay support."
edit: it looks like it would allow another software to show up as an Airport Express in iTunes, thus becoming the potential target of streaming audio over WiFi from iTunes. But am I right?