> Hmm, a few days ago SSH announced a partnership with Sonera on this
> stuff. Perhaps Tatu will give us his views on whether they're likely
> to come up with something actually intended to be highly secure (like
> IETF's IPSEC) or something intended to be easy to wiretap and subvert
> (like everything else in the mobile phone market).
Most of the stuff is under non-disclosure. I've seen certain
specifications, but haven't personally studied them in detail. From
what I know the protocol itself is intended to be secure.
Yes, I agree that it would be good if it was possible for users to
supply their own keys. Currently, it does not fit into the process
how SIM cards are produced and initialized. I personally hope that
such provision can be incorporated in future.
Tatu
--
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ipsec.com/
Free Unix SSH http://www.ssh.fi/sshprotocols2/
