-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/07/14 11:27, James A. Donald wrote: > On 2014-07-11 07:45, Kevin wrote: >> On 7/10/2014 4:39 PM, John Young wrote: >>> https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/ >>> > >>> > With silent circle, when Ann talks to Bob, does Ann get Bob's > public key from silent circle, and Bob get Ann's public key from > silent circle.
For phone calls they use ZRTP, so Ann and Bob can verbally compare short authentication strings after the key exchange to detect a MITM, *if* they know each other's voices and their voices can't be faked. ZRTP carries keying material forward from one session to another so it isn't necessary to do this every time. For messaging it's the same, except the verbal confirmation happens out-of-band. The protocol spec seems to have been taken offline recently, but it's archived here: https://web.archive.org/web/20140125121552/https://silentcircle.com/static/download/SCIMP%20paper.pdf Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTv8ORAAoJEBEET9GfxSfMZmoH/1ip9AmkhY+bVLtgpgYTOjrp SRSgFIzaeGocGnMyBz1cgcxOaDOSNOATc8IpbhSVvmJue1VD43VlCv6Fvdwe0pid nOBX/ZMY35hlil9Kte/STcDQDt6E3AYiaFlIXXVyU7y/35K2J6629fixPJc5yPVB rHy1ew0HqvQFWfiztYK/fxptuWu81UAh9HIL3A9j1/N0eX1EpaKBgUFWRTzD/4Id XSckanVjQ34JTJNuC0UbLXY7sz8ljSeFI3dGQQEFliODYNhy5eWn7JkL9oOj26AM KcSdAp85KF6f7rRE36QC5NroS9iiDWzgcXLOy/cHgmH3uODWOA70vy1GxjYbhxQ= =uakY -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography