Yes this 443 port thing is the only reason why it seems that Skype is unstoppable. You could block connections to that port but then you would also cut off https based websites :(.
Would it be possible to ACL via Squid (or the likes) to control what host a client is initiating an SSL connection to? I have not done much filtering on the application (HTTP) level beyond blocking basic requests for a domain on standard HTTP (80). I wonder if it would be possible to write an extension for Squid that would not allow connections to IP addresses that don't (forward) resolve back to what they reverse resolve to. I'm grasping at straws here, but then again Skype is going to be hard to stop.
Grant. . . .