From: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
To: cypherpunks@toad.com
Message Hash: 7a3698a691f4bfb12dd84a507081380e02f428af9a04dfefdf901e9b0fe0c6fe
Message ID: <199407080132.VAA14746@cs.oberlin.edu>
Reply To: N/A
UTC Datetime: 1994-07-08 01:32:45 UTC
Raw Date: Thu, 7 Jul 94 18:32:45 PDT
From: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
Date: Thu, 7 Jul 94 18:32:45 PDT
To: cypherpunks@toad.com
Subject: Question: Key Distr. in realtimeo applications?
Message-ID: <199407080132.VAA14746@cs.oberlin.edu>
MIME-Version: 1.0
Content-Type: text/plain
Well, I've gotten a few hundred pages into Applied Crypoto, and am now
educated enough to realize what the things are that I don't know.
One question I have is regarding how protocols for realtime
communications work, like say a encrypted voice conversation.
I know there are such things,such as Clipper, but I assume
Clipper/skipjack is atypical in many ways. But maybe I'm wrong.
Anyhow, I'd guess that in such applications, a random one-time session
key is generated for a symmetric encryption method. Is this correct?
If so, how is this key distributed to both participants? You could use
public-key cryptography in some way to distribute the session key,
similar to what DES does, but then how do you distribute the public
keys so as to avoid a man in the middle attack?
Ideally, you want to pick up your crypto-phone, initiate a call to
another crypto-phone which you've never called before, and which was
possibly manufactured yesterday, and be able to exchange keys with it
in a secure fashion. But I can't think of any way to do this, without
opening yourself up to a man in the middle attack.
How does clipper solve this problem? How do other potential realtime
protocols? Or do they just ignore it, and assume that it's going to be
too hard to do a succesful man-in-the-middle attack quickly enough for
a realtime conversation? That would seem to me to be a dangerous
assumption.
I'd appreciate it if anyone could help me out.
Return to July 1994
Return to “Jonathan Rochkind <jrochkin@cs.oberlin.edu>”