----- Forwarded message from Eric Blossom <[EMAIL PROTECTED]> -----

Date: Tue, 3 Jun 2003 15:50:37 -0700
From: Eric Blossom <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Orig-To: John Kelsey <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], EKR <[EMAIL PROTECTED]>,
    Scott Guthery <[EMAIL PROTECTED]>, Rich Salz <[EMAIL PROTECTED]>,
    Bill Stewart <[EMAIL PROTECTED]>, cypherpunks <[EMAIL PROTECTED]>,
    [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.4i

On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote:
> At 01:25 PM 6/3/03 -0700, Eric Blossom wrote:
> ...
> I agree end-to-end encryption is worthwhile if it's available, but even
> when someone's calling my cellphone from a normal landline phone, I'd like
> it if at least the over-the-air part of the call was encrypted. That's a
> much bigger vulnerability than someone tapping the call at the base station
> or at the phone company.

GSM and CDMA phones come with the crypto enabled. The crypto's good
enough to keep out your neighbor (unless he's one of us) but if you're
that paranoid, you should opt for the end-to-end solution. The CDMA
stuff (IS-95) is pretty broken: *linear* crypto function, takes 1
second worst case to gather data sufficient to solve 42 equations in
42 unknowns, but again, what's your threat model? Big brother and
company are going to get you at the base station...

At our house we've pretty much given up on wired phone lines. We use
cell phones as our primary means of communication. Turns out that
with the bundled roaming and long distance, it works out cheaper than
what we used to pay for long distance service. There is that pesky
location transponder problem though.

> ...which will basically never be secured end-to-end if
> this requires each of those people to buy a special new phone, or do some
> tinkering with configuring secure phone software for their PDA. "Hmmm,
> which key size do I need? Is 1024 bits long enough? Why do I have to move
> the mouse around, again, anyway?"

It doesn't have to be hard. No requirement for PKI. Just start with
an unauthenticated 2k-bit Diffie-Hellman and be done with it.

Eric

----- End forwarded message -----
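
Added example, not part of the forwarded message: why a *linear* keystream generator with 42 unknown state bits offers no margin once 42 output bits are known, since each output bit is just an XOR equation in the initial state. The feedback taps and output mask (`TAPS`, `MASK`) are constructed for illustration and are not the IS-95 long-code parameters.

```python
# Added illustration; TAPS and MASK are constructed, not the IS-95 long code.
N = 42                # unknown state bits ("42 unknowns")
TAPS = (0, 7)         # feedback: s[t+42] = s[t] ^ s[t+7]
MASK = (5, 6, 7, 8)   # output: z[t] = s[t+5] ^ s[t+6] ^ s[t+7] ^ s[t+8]

def keystream(state, nbits):
    """Run the generator. XOR is the only operation, so `state` may hold
    real bits (0/1) or symbolic bitmasks naming the initial bits."""
    s, out = list(state), []
    for _ in range(nbits):
        z = fb = 0
        for j in MASK:
            z ^= s[j]
        for i in TAPS:
            fb ^= s[i]
        out.append(z)
        s = s[1:] + [fb]
    return out

def solve_gf2(rows, rhs):
    """Gauss-Jordan over GF(2). rows[k] is a bitmask of the unknowns that
    XOR to rhs[k]. Returns the unique solution or raises ValueError."""
    pivots = {}                                   # column -> (row, bit)
    for r, b in zip(rows, rhs):
        for col, (pr, pb) in pivots.items():      # reduce by known pivots
            if r >> col & 1:
                r, b = r ^ pr, b ^ pb
        if r == 0:
            continue                              # dependent equation
        col = r.bit_length() - 1
        for c, (pr, pb) in list(pivots.items()):  # clear col elsewhere
            if pr >> col & 1:
                pivots[c] = (pr ^ r, pb ^ b)
        pivots[col] = (r, b)
    if len(pivots) < N:
        raise ValueError("not enough independent equations")
    return [pivots[c][1] for c in range(N)]

def recover_state(observed):
    """Each output bit is a known XOR of initial-state bits: build those
    equations symbolically, then solve for the initial state."""
    symbolic = [1 << i for i in range(N)]
    return solve_gf2(keystream(symbolic, len(observed)), observed)

if __name__ == "__main__":
    import secrets
    secret = [secrets.randbits(1) for _ in range(N)]
    guess = recover_state(keystream(secret, N))
    print("recovered from", N, "bits:", guess == secret)
```

A nonlinear combining or filtering step is what prevents this: without it, the observer's work is a single matrix solve whose size equals the state length.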