Maybe It's Snake Oil All the Way Down

John Kelsey kelsey.j at ix.netcom.com
Tue Jun 3 10:42:01 EDT 2003


At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
...
>  (One doesn't hear much about
>crypto phones these days.  Was this really a need?)

I think phones that encrypt the landline part of the call are pretty 
low-priority for most of us, since it costs something to eavesdrop on these 
calls.  But anything that goes over the air, whether cellphone or cordless 
phone, ought to be properly encrypted, and it isn't now.  This is a big 
vulnerability in a lot of places, and once you've built the intercept and 
decrypting hardware, it's easy to eavesdrop on huge numbers of people.  You 
can imagine either rogue cops and spies doing this, or private criminals.

I keep wondering how hard it would be to build a cordless phone system on 
top of 802.11b with some kind of decent encryption being used.  I'd really 
like to be able to move from a digital spread spectrum cordless phone 
(which probably has a 16-bit key for the spreading sequence or some such 
depressing thing) to a phone that can't be eavesdropped on without tapping 
the wire.

And for cellphones, I keep thinking we need a way to sell a secure 
cellphone service that doesn't involve trying to make huge changes to the 
infrastructure, which probably means a call center that handles all contact 
with the cellphone itself, always encrypted.  Something like this would 
allow me to buy a phone and sign a contract, and quickly get real security 
on all my digital calls going over the air.  End-to-end encryption isn't 
nearly as important.  There's no reason it couldn't be supported, of 
course, when both endpoints had the right kind of phone, but it's a small 
additional value.  The big win is to stop spewing private conversations 
over the radio in the clear.

>iang

--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list