From: Bill Frantz <frantz@netcom.com>
Date: Sun, 19 Jan 1997 13:44:49 -0800 (PST)
To: Adam Back <paul@fatmans.demon.co.uk
Subject: Re: GSM crypto upgrade? (was Re: Newt's phone calls)
In-Reply-To: <853575672.913148.0@fatmans.demon.co.uk>
Message-ID: <v03007808af0842c7858c@[204.31.235.152]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:39 AM -0800 1/16/97, Adam Back wrote:
>- PIN for phone's RSA signature keys

It is not clear you need signatures in the secure phone case.  Eric
Blossom's 3DES uses straight DH for key exchange with verbal verification
that both ends are using the same key.  As long as the man in the middle
can't imitate a familiar voice, this procedure is reasonably secure.

I agree that signatures of some kind are needed to identify the phone to
the cell company to prevent an all too familiar technique of stealing phone
service.  But this protection would not be a 3rd party cell phone upgrade.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA