From: frantz@netcom.com (Bill Frantz)
Date: Fri, 22 Nov 1996 14:36:32 -0800 (PST)
To: Sean Roach <cypherpunks@toad.com
Subject: Re: Mass-market crypto phones
Message-ID: <199611222236.OAA27264@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 11/22/96 -0800, Sean Roach wrote:
>At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:
>>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>>device (http://www.comsec.com/)...

>At first this seemed to be a challenging goal as public key encryption (at
>least the type of which I am aware) requires a public key ring, but then I
>thought, what would be the point in real time communitation?

Both Eric's product and PGPhone use Diffie-Hellman key exchange.  They
protect against man-in-the-middle attacks by displaying (part of) the
resulting symmetric key and having the phone's users verify they are both
working with the same key in the conversation.  Until the AIs/eavesdroppers
get good enough to imitate a person on the phone, this verification
technique is good enough.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA