[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PRZ encrypted voice software release imminent

> >I can't violate my NDA, but PGPFone will be a *major* revolution for
> >communication security. I would not be surprised to see several hundred
> >thousands of users. PGP will plale in comparison.
> I sincerely doubt this. if someone could find a way of doing 
> voice encryption through simple idiotproof hardware adapters
> (I am thinking of cups that you could attach to any standard phone)
> the voice encryption will not be widely used, I think.
> there are very many PGP users right now, say at least in the
> tens of thousands if not hundreds of thousands. the 
> requirements for live voice encryption are pretty significant:
> a fast computer and fast modem. this alone is only a subset
> of those people using PGP right now. also, I doubt there are
> going to be few people who use PGP phone but not PGP software.

  I don't think CPUs and modems are an issue. When I bought my 486/DX2
more than a year ago, it was a near top of the line machine (a P66 was the 
only thing better and it was a lot more expensive). Now, I can look
in computer shopper and see that not only is my machine not near the
top of the line, it's not even "Entry Level". Pentium 75/90 systems are
going for 1/3 the price I bought my computer for, and those systems have
PCI buses (vs my VESA local bus), larger HDs, EDO RAM, faster video
cards, etc. Assuming a baseline of a 486DX/33 or faster (like a DX4)
is not unreasonable. Secondly, 14.4K modems are a dime a dozen. You
can get them as low as $50 (with RPI) or $70-80 for full functionality.
28.8K modems can be bought for $150. 

  The problem with PGPFone as I see it, is that it's an application and not
a application to a protocol. To get voice encryption in large scale
use will require several things IMHO

1) performance is reasonable
2) user interface is very easy to use, as easy as using a walkie talkie
     with a key
3) software is very easy to setup up (no knowledge of hayes commands required,
no editing of slip configuration, etc)

Finally, even that is not going to drive the system into a defacto
ubiquitous standard unless

4) a complete, easy to read specification of the protocol used is
   published (perhaps as an RFC)
5) third party applications that use the protocol evolve. 

#5 is needed because competition between applications writers will
improve the human interface of the software beyond what the PGP
authors can design. (who are more likely algorithm specialists, 
not human interface people)

6) network independent
   this will be a benefit to people who want to make long distance calls
over data networks. it could also be used by companies for secure 

I would like to see a secure voice communication protocol that is divorced
from the particular details of the algorithms used (although a 
base level of some voice compression technique + DES + RSA will have to
be used) That way, new and better algorithms can be dropped in depending
on the network used (modem, ipx, tcp/udp, etc) and the bandwidth required
(CELP vocoder, MPEG-audio, lossless encoding, progressive PCM, etc)