From: karn@qualcomm.com (Phil Karn)
To: fnerd@smds.com
Message Hash: d1e20fb8750a7e9dbe7d5833961c654a406a274fd309898e1bac5e7f80f97918
Message ID: <9308120203.AA04871@servo>
Reply To: <9308112238.AA05820@smds.com>
UTC Datetime: 1993-08-12 02:07:35 UTC
Raw Date: Wed, 11 Aug 93 19:07:35 PDT
From: karn@qualcomm.com (Phil Karn)
Date: Wed, 11 Aug 93 19:07:35 PDT
To: fnerd@smds.com
Subject: Secure voice software issues
In-Reply-To: <9308112238.AA05820@smds.com>
Message-ID: <9308120203.AA04871@servo>
MIME-Version: 1.0
Content-Type: text/plain
>Maybe this is a good service for a key server to perform.
Yeah, but that kind of assumes connectivity to the net. It's rather inconvenient
for a pair of phones who only have dialup modems connected to each other
to do this on every call.
>What if you prepare RSA key pairs in advance in your computer's
>(phone's) spare time, then use one per conversation (at least for the
>initializing)? You would encode your public key with the session
You could probably use temporary RSA key-pairs for each call, but RSA
key generation is notoriously slow. A lot slower than a Diffie-Hellman
key exchange.
>Am I wrong, or is Diffie-Helman only useful when you *don't* have
>a way of verifying who each other are?
Eh? No, as I've been saying, you can produce a very strong hybrid in
which both Diffie-Hellman and RSA each play an important part.
Diffie-Hellman generates the session keys, while RSA signs them.
Phil
Return to August 1993
Return to “karn@qualcomm.com (Phil Karn)”