secure phone (was Re: Starium...)

William Allen Simpson wsimpson at
Wed Jun 6 00:59:11 EDT 2001

OK, it seems to me that all the pieces are already in place.  Maybe I'm 
biased, but IETF already has specifications that cover the wish list.

William Allen Simpson wrote:
>  - must work as bump in the cord for any analog phone line, and talk
> peer to peer with any similarly configured analog phone line.
V.34 modem chip.  VoIP/RTP/IP/PPP/HDLC with Header Compression.

All standard!  Very low overhead (about 5-8 bytes per packet).  
Pretty simple and CommonOffTheSelf (COTS).  

IP/PPP/HDLC is very small code size, about 20KB on an embedded 186, as 
implemented for Vocal in '92 and Qualcomm in '93-95.  Haven't 
implemented the rest, so don't know....

Manufacturing cost under $20 each 1000 quantities.

The user hears a 2 second modem tone.  No answering tone, no modem 
negotiation.  No user interaction, no muss, no fuss. 

The modem tone could even be an advertisement.  "What's that sound?"  
"My new privacy box, only $50 at  You should get 
one, too."

Another advantage: the spooks won't be able to tell a voice privacy 
modem from a computer modem.

>  - must talk with any similarly configured digital phone line.
PPP/HDLC/ISDN.  Already allows for interoperability with PPP/HDLC on
async modems, and has a long history of interoperability testing.

An advantage of digital could be an alternate negotiation on the 
signalling channel.  Eliminates the modem tone for digital to digital.

>  + a big plus would be to figure out how to use with currently deployed
> IP phones.  I'll note that Cisco phones load their firmware using TFTP,
> which I think is pretty insecure, so upgrades shouldn't be a problem,
> and might very well lead to a much better product....
Now, the question is where to put the encryption.  PPP has it.  IP has 
it.  But, I expect that VoIP/RTP would want it on the voice alone?

If you use standard ESP (IP), you need all the anti-clogging facilities 
anyway.  But ESP would defeat the Header Compression and add a huge 
amount of overhead.  Much more of a problem for 20 byte voice packets 
than for 1500 byte data packets.

Ryan Lackey wrote:
> These secure phones, if they don't interoperate with STE and define their own
> standards, have serious "network effects" problems.  I think the only way
> around it would be to have a free or low cost
> software/VoIP/VoIP-PSTN/voicemodem solution.  If you gave away or sold cheaply
> a software version, ....
Isn't there a sourceforge equivalent version of PGPfone?

Couldn't we just retrofit PGPfone to use VoIP?

We already have all the rest of the software installed (IP/PPP).

Greg Rose wrote:
> Not quite correct. They are dormant, but still exist, and the IP rights are
> for sale (including inventory).
Anybody know any details about their protocol?

Is it possible to sidestep their IP rights by using COTS?

William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list