Anders Rundgren wrote:
I'm looking for a system that offers authenticated and confidential
messaging which would among things include mobile phone voice messaging.
If such system would require users to trust certificates and stuff, it will
fail.
Our current only alternative is the trusted provider concept.
Well, I don't see that. PGP and Skype both offer authenticated +
confidential messages, without the "certificate" side of things. They
do it conceptually by tightly binding the keys to the user, and having
each user authenticate their handles directly to each other.
(Ignoring the implementation details ... obviously the different actual
networks work better or worse.)
An old military secure phone trick was to read off the numbers displayed
on the phone. This is using a different channel -- voice -- to
authenticate the numbers which then authenticate the commsec.
A problem with this sort of work is that people take the security model
from a text book and then try and implement it without complaint. This
doesn't really work, as the target audience generally have a different
model of security, sometimes mildly different, sometimes wildly
different. This syndrome is sometimes encapsulated in WYTM? or What's
your threat model?
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
