-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Jun 30, 2013, at 12:44 AM, James A. Donald <jam...@echeque.com> wrote: > Silent Circle expects end users to manage their own keys, which is of course > the only way for end users to be genuinely secure. Everything else is snake > oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am > looking at you) > > However, everyone has found it hard to enable end users to manage keys. User > interface varies from hostile, to unbearably hostile. > > Silent Circle publish end users public keys, which would seem to create the > potential for a man in the middle attack. > > I would like to see a review and evaluation of Silent Circle's key management. This isn't quite correct. You have the gist of it, though. Silent Phone uses ZRTP, which is ephemeral DH with hash commitments for continuity, in the style of SSH. The short authentication string is there for explicit MITM protection. There's no explicit public key. Silent Phone uses SCIMP, which is also a EDH+hash commitment protocol, and also has no explicit public keys. The problem there is that unlike a voice protocol when you can use a voice recitation of a short authentication string, there's no implicit second channel in a text protocol. We're working on improvements there. There's a SCIMP paper up on silentcircle.com. Please look at it. Jon -----BEGIN PGP SIGNATURE----- Version: PGP Universal 3.2.0 (Build 1672) Charset: us-ascii wj8DBQFR0KhvsTedWZOD3gYRAiYEAJ4w96a0qdNjeDRAlii7qaF/dZ1TsACfUVJI zfGnH862J4muQrTHag9sL48= =ZqZE -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography