1993-08-12 - Secure voice software issues

Header Data

From: gtoal@an-teallach.com (Graham Toal)
To: cypherpunks@toad.com
Message Hash: 2ceb0b0daf18cc24cc08cccd4423ccac482807507976a94d1485e6c3633960e4
Message ID: <4732@an-teallach.com>
Reply To: N/A
UTC Datetime: 1993-08-12 10:22:50 UTC
Raw Date: Thu, 12 Aug 93 03:22:50 PDT

Raw message

From: gtoal@an-teallach.com (Graham Toal)
Date: Thu, 12 Aug 93 03:22:50 PDT
To: cypherpunks@toad.com
Subject: Secure voice software issues
Message-ID: <4732@an-teallach.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <9308111916.AA03336@servo> karn@qualcomm.com writes:
 > Voice calls are different, as the availability of a two-way path lets
 > you do things much more securely. If you generate a session key with
 > DH and use PGP/RSA *only to sign the exchanges*, not to encrypt the
 > session key, then even if your RSA secret key is later compromised, it
 > would not compromise those session keys that had already been created,
 > used and destroyed.

Thanks for that explanation, that bit hadn't sunk in with me!

This makes me think... something similar would be a good extension to
SMTP wouldn't it?  DH exchange of keys before sending point to point
mail?  With the user's public keys being picked up via their .mailrc
or .pgpkey or something...

(It would only happen if both SMTP's supported it and both users had
made their public key available to the mail system)

I'm thinking of ways of automatically and easily encoding all traffic
by default, to avoid line snooping.  I'm not suggesting this as an
alternative to explicitly encrypting things you want to keep private.
You could still do that too.

G
===
Personal mail to gtoal@gtoal.com (I read it in the evenings)
Business mail to gtoal@an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: 031 662 4678  Voice: 031 668 1550 x212






Thread