From: Adam Shostack <adam@homeport.org>
Date: Wed, 14 Aug 1996 04:25:56 +0800
To: daw@cs.berkeley.edu (David Wagner)
Subject: Re: (Off Topic) Re: FCC_ups
In-Reply-To: <4upjp5$tc@joseph.cs.berkeley.edu>
Message-ID: <199608131233.HAA09323@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Wagner wrote:

| The *real* challenge: how do you support sender- and recipient- anonymous
| phone calls with strong security?  Have fun.

	Caller calls 1-900-stopper via an international callback
service.  Caller uses Stopper to reach callee's phone number.  Callee,
taking responsibility for their own privacy, uses a forward that she
placed on a pay phone in Grand Central to a cheese box* in the
Seychelles to her real phone.

	Oh, you want authentication and MITM protection?

	Only caller<-->callee needs authentication, for the DH key that
they share for the call.  The other encryption is point to point
transport layer stuff; its nice that its there, but a MITM can listen
in, and only get one or two phone #s.  The chain is as strong as its
strongest link, namely the photuris style authentication of the
caller<->callee.

(A cheese box is a forwarder that works outside of the switch; call
#1, it dials #2, then connects it to line 1.  So called because the
first one the police found was in a cheese box.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume