From: guy@theporch.raider.net (Jonathan Guy)
To: karn@qualcomm.com (Phil Karn)
Message Hash: 454910bd8e9d4ceaaa3af41fe0f247c210992ced128bb1626ad20af0a62bddcc
Message ID: <m0oQB7m-0009UVC@theporch.raider.net>
Reply To: <9308100259.AA24433@servo>
UTC Datetime: 1993-08-11 08:56:52 UTC
Raw Date: Wed, 11 Aug 93 01:56:52 PDT
From: guy@theporch.raider.net (Jonathan Guy)
Date: Wed, 11 Aug 93 01:56:52 PDT
To: karn@qualcomm.com (Phil Karn)
Subject: Re: Secure voice software issues
In-Reply-To: <9308100259.AA24433@servo>
Message-ID: <m0oQB7m-0009UVC@theporch.raider.net>
MIME-Version: 1.0
Content-Type: text/plain
> I agree that RSA public keys could be exchanged as needed during the
> call, although this might require a few iterations before a party gets
> a signature that it can trust. Finding a path through the PGP "web of
To me at least this seems unimportant for the application. If all you're
doing is exchanging session keys over the phone, it doesn't really matter if
you are sure that the public key actually belongs to who it claims it does,
only that the person you're talking to (who you presumably already know)
actually possesses the corresponding private key. This can be verified with
a simple challenge-response system. The identity problem is removed if you
use a different key pair for phone conversations than you do for signature
purposes... there doesn't need to be any information actually connecting the
key with you.
--
Jonathan R. Guy | The opinions expressed above are not
E-Mail: guy@theporch.raider.net | those of my employer. Nor are
Snail: P.O. Box 158325 | they my own. Actually, I copied them
Nashville, TN 37215 | from the encyclopedia.
Return to August 1993
Return to “thug@phantom.com (Murdering Thug)”