From: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
Date: Thu, 7 Jul 94 18:32:45 PDT
To: cypherpunks@toad.com
Subject: Question: Key Distr. in realtimeo applications?
Message-ID: <199407080132.VAA14746@cs.oberlin.edu>
MIME-Version: 1.0
Content-Type: text/plain


Well, I've gotten a few hundred pages into Applied Crypoto, and am now
educated enough to realize what the things are that I don't know.

One question I have is regarding how protocols for realtime
communications work, like say a encrypted voice conversation.

I know there are such things,such as Clipper, but I assume
Clipper/skipjack is atypical in many ways. But maybe I'm wrong. 

Anyhow, I'd guess that in such applications, a random one-time session
key is generated for a symmetric encryption method. Is this correct?
If so, how is this key distributed to both participants? You could use
public-key cryptography in some way to distribute the session key,
similar to what DES does, but then how do you distribute the public
keys so as to avoid a man in the middle attack?

Ideally, you want to pick up your crypto-phone, initiate a call to
another crypto-phone which you've never called before, and which was
possibly manufactured yesterday, and be able to exchange keys with it
in a secure fashion.  But I can't think of any way to do this, without
opening yourself up to a man in the middle attack.

How does clipper solve this problem? How do other potential realtime
protocols? Or do they just ignore it, and assume that it's going to be
too hard to do a succesful man-in-the-middle attack quickly enough for
a realtime conversation? That would seem to me to be a dangerous
assumption. 

I'd appreciate it if anyone could help me out.