From: paul@poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 9 Aug 93 18:41:52 PDT
To: thug@phantom.com (Murdering Thug)
Subject: re: Secure voice software issues
In-Reply-To: <m0oPiMJ-0009GJC@mindvox.phantom.com>
Message-ID: <199308100132.AA26355@poboy.b17c.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The problem with this is that public-key encryption is slooooow. I
never thought of having a fixed key for each user; even the STU-III
ignition keys get reloaded every so often.

Until I implement DH key exchange, caller & callee must have some way
to agree on a key. This is far from ideal, but (based on PGP's RSA
implementation on my Mac) I don't think RSA would cut it.

One possibility is to use a PGP-style keyring; the caller can encrypt
the session key with the callee's pubkey and transmit it. I think that
this is less secure than DH, though.

More comments are way welcome! Thanks.

- -Paul

- -- 
Paul Robichaux, KD4JZG     | "Crypto-anarchy means never having to say
perobich@ingr.com          |  you're sorry." - Tim May (tcmay@netcom.com)
Intergraph Federal Systems | Be a cryptography user- ask me how.


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGb6kCA78To+806NAQFsUgP/W2eKFBiKLzBg1Aip2VTzg6RJDAU4C/mt
pW0RMx4dLK7ZRp8r3frmLHDnS2dcEwtu9weNOnzkFyK/j2056kn52O0icTX9w4gl
xDLIm/ay3gNaDrqZDA81c9vYsdHAn3pQaK1dxx3VZoWA6Je62ULvNlrxGIEXrvX5
zEEsV/5dYkQ=
=YFQP
-----END PGP SIGNATURE-----