Maybe It's Snake Oil All the Way Down
John Kelsey
kelsey.j at ix.netcom.com
Tue Jun 3 10:42:01 EDT 2003
At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
...
> (One doesn't hear much about
>crypto phones these days. Was this really a need?)
I think phones that encrypt the landline part of the call are pretty
low-priority for most of us, since it costs something to eavesdrop on these
calls. But anything that goes over the air, whether cellphone or cordless
phone, ought to be properly encrypted, and it isn't now. This is a big
vulnerability in a lot of places, and once you've built the intercept and
decrypting hardware, it's easy to eavesdrop on huge numbers of people. You
can imagine either rogue cops and spies doing this, or private criminals.
I keep wondering how hard it would be to build a cordless phone system on
top of 802.11b with some kind of decent encryption being used. I'd really
like to be able to move from a digital spread spectrum cordless phone
(which probably has a 16-bit key for the spreading sequence or some such
depressing thing) to a phone that can't be eavesdropped on without tapping
the wire.
And for cellphones, I keep thinking we need a way to sell a secure
cellphone service that doesn't involve trying to make huge changes to the
infrastructure, which probably means a call center that handles all contact
with the cellphone itself, always encrypted. Something like this would
allow me to buy a phone and sign a contract, and quickly get real security
on all my digital calls going over the air. End-to-end encryption isn't
nearly as important. There's no reason it couldn't be supported, of
course, when both endpoints had the right kind of phone, but it's a small
additional value. The big win is to stop spewing private conversations
over the radio in the clear.
>iang
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list