Re: Zfone security
- From: "Joseph Ashwood" <ashwood@xxxxxxx>
- Date: Wed, 20 Dec 2006 05:09:01 GMT
"Peter Fairbrother" <zenadsl6186@xxxxxxxxx> wrote in message
news:C1ADD9CF.D8C97%zenadsl6186@xxxxxxxxxxxx
> Joseph Ashwood wrote:
>> There are a number of issues with this, I'll just take them from when I
>> first realized them, I will be chopping up what Peter said beyond all
>> recognition.
>> "Peter Fairbrother" <zenadsl6186@xxxxxxxxx> wrote in message
>> news:C1AC5CC3.D89D8%zenadsl6186@xxxxxxxxxxxx
>>> Zfone
>>> [no] PKI
>>> using DH
>> There is obviously a misunderstanding of the base concept here. Most likely
>> what has been mistakenly referred to as not PKI is the web-of-trust that
>> Zimmermann has used before, this is PKI. It is just that the WoT is usually
>> considered to fundamentally differ from the Hierarchical Trust System
>> commonly referred to as PKI, there is actually no such difference.
> It doesn't use WoT. Initially it uses a short spoken authentication phrase
> derived from the DH secret for authentication - presumably you recognise the
> caller's voice, or at least the voice used for the authentication is the
> voice used in the rest of the call.

I still don't see where it would be more efficient than signed ephemeral
keys, or even long term keys with added entropy in distillation. The only
issue I see is that by doing this it might actually become useful for making
calls. Perhaps it would be useful to know what kind of calling I do, I call
as many as 100 different people a day, and rarely the same person twice in
the same week, most of the time I'm calling people where I barely know their
name let alone their voice. Signed ephemeral keys would give me a way to
look up a user, building a functional, even if insecure, WoT/hierarchical.

>>> subsequent calls - shared secret.
>> This does seem a bit redundant to me, since a PII-300 can perform a 4096-bit
>> DH key exchange in less than a second, even on a 56k modem that historically
>> handles voice extremely poorly the key exchange would be less than a second
>> total. Also considering that the user is likely to be expecting about a 1sec
>> delay anyway (much like they create on the landline and mobile phone
>> networks), I don't see the point.
> I think it's meant for people who are too indisciplined to use the
> authentication phrase. Or perhaps to defeat the use of voice synthesisers. I
> emailed PZ about a version which forces the use of the authentication phrase
> and which didn't keep any shared secrets, but he hasn't replied.

I think that would be a step in the wrong direction, the problem of people
we know communication has been solved, the problem of people we don't is
where there are problems to be solved. An Always-Auth system would become
too cumbersome for widespread use, you'd be basically back at the old
argument "It's an anonymous email" "But you're the only one using it"
In exchange for this cumbersome behavior you gain???? I don't see anything
you gain.
Joe
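
The scheme described in the quoted text above (a short spoken phrase derived from the DH secret on the first call, a shared secret kept for subsequent calls), sketched as an added example that is not part of the original post and is not Zfone's code. The group parameters, the HMAC-SHA256 derivations, the 4-character encoding and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Demonstration parameters (assumption): 2**255 - 19 is prime, but this is not
# a standardized DH group; the thread itself talks about 4096-bit DH.
P, G = 2**255 - 19, 2
SAS_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub, cached=b""):
    """DH secret, mixed with any secret retained from an earlier call."""
    dh = pow(peer_pub, priv, P).to_bytes(32, "big")
    return hmac.new(cached or bytes(32), dh, hashlib.sha256).digest()

def sas(key):
    """Four spoken characters (20 bits) derived from the session key."""
    tag = hmac.new(key, b"SAS", hashlib.sha256).digest()
    bits = int.from_bytes(tag[:3], "big") >> 4
    return "".join(SAS_ALPHABET[(bits >> s) & 31] for s in (15, 10, 5, 0))

def retained(key):
    """Secret both ends cache for the next call (hypothetical derivation)."""
    return hmac.new(key, b"retained", hashlib.sha256).digest()

def honest_call(cached=b""):
    a, pub_a = keypair()
    b, pub_b = keypair()
    return session_key(a, pub_b, cached), session_key(b, pub_a, cached)

def intercepted_call(cached=b""):
    """A relay in the middle runs one DH per leg and does not know `cached`."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    m, pub_m = keypair()
    alice = session_key(a, pub_m, cached)  # Alice believes pub_m is Bob's
    bob = session_key(b, pub_m, cached)    # Bob believes pub_m is Alice's
    relay = session_key(m, pub_a)          # relay's view of Alice's leg
    return alice, bob, relay
```

On a first call the relay holds Alice's key, and only the two ends reading out different `sas()` values exposes it; once a `retained()` secret is mixed in, the relay can no longer compute either end's key, which is the case where the spoken check is skipped.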