From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Sat, 26 Aug 95 18:21:39 PDT
To: rjc@clark.net
Subject: Re: proliferation of voicesystems
In-Reply-To: <199508262330.TAA08738@clark.net>
Message-ID: <199508270121.EAA24196@shadows.cs.hut.fi>
MIME-Version: 1.0
Content-Type: text/plain


>   It's really great that there are all these voice transmission/encryption
> programs out there, the problem is, none of them will talk to each other.

Maybe someone could start writing an internet draft about "encrypted
voice transmission on the internet".  It should address several
issues:
  - compression methods, sampling rate differencies, encoding methods
  - encryption methods used for bulk data: at least IDEA, 3DES, DES
    (3DES and DES required, IDEA optional but recommended (for patent reasons))
  - key exchange and authentication methods.  One good model could be
    that used in Photuris (see the internet draft
    draft-ietf-ipsec-photuris-02.txt at e.g. www.ietf.cnri.reston.va.us).
    Photuris is essentially Diffie-Hellman followed by authenticating
    the other party via signing the exchange.  (Authentication is
    important to avoid man-in-the-middle attacks).
  - specification of the protocol for modem-to-modem connections

Provided that the compression method is patent-free, all of the
related crypto patents expire within about two years (assuming
something other than RSA can be used for the signatures - see the
Photurs draft).  (IDEA should be optional because its patent will not
expire in near future).

I think it would be a good idea to set up a mailing list for this.

    Tatu Ylonen <ylo@cs.hut.fi>