[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure phone




Eric,

	I think you can make a stronger statement.

	With your phone, once you exchange the hash you have good assurance
that you have a private conversation with the person whose voice you hear.

	How you determine that that is the person you think it is/should be
is a different problem.

	As for proving lack of an eavesdropper, you would also need to
establish that the person's earpiece wasn't bugged, the person didn't
record the conversation to hand to someone else, ....

	For my purposes, the authentication is secure enough that I'm very
pleased.  The voice quality is good enough that I can recognize friends --
and if I'm calling a stranger, then the MITM is a moot point.  That is, if
I'm calling a stranger named Bob, there is no way for me to tell the
difference between:

	Carl -- Eve -- Bob
and
	Carl -- Bob -- Eve

since both Bob and Eve are strangers to me and I don't know Bob well enough
to rule out case 2.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   [email protected]     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+