From: Eric Blossom <eb@srlr14.sr.hp.com>
Date: Fri, 13 Aug 93 12:18:32 PDT
To: diffie@eng.sun.com
Subject: Secure voice software issues
In-Reply-To: <9308120203.AA04871@servo>
Message-ID: <9308131914.AA15560@srlr14.sr.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



> Eh? No, as I've been saying, you can produce a very strong hybrid in
> which both Diffie-Hellman and RSA each play an important part.
> Diffie-Hellman generates the session keys, while RSA signs them.

Does anybody *know* how existing secure phones do authentication?  I'm
familiar with the AT&T 3600, but I was wondering about a STU-III,
perhaps a Motorola SECTEL-1500, or equivalent Cylink. I assume that
they use Diffie-Hellman to exchange session keys, but what
public/private key info is stored in the phones (if any), and how do
you load it in?  Do you contact some kind of certifying authority to
download key info?  Is it stored in some kind of NVRAM, or EEPROM?
How many keys will the phone store?  I assume, given the presense of a
"zeroize" button that something useful is stored in the phone.  Also,
what is the "cryptographic ignition key"?  It is some kind of FLASH or
EEPROM?  What's on it? The key pair?

Thanks,
Eric Blossom