
John Deters wrote:
At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
Persistence authentication suggestion: A way to use the fact that you have had one or more non-MITM'd calls is for the unit to remember the number and exchange a secret with the called unit inside the encryption envelope.
I agree with you that external authentication is the only way to fly. And if it is simply accepted, let's let Eric's unit survive unmolested and use PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session keys (like in Speak Freely.)
I also think the most likely avenue of attack will be a black bag job on the individual user's phone. MITM attacks seem too risky and expensive to pay off.
I'm not a subscriber to the CypherPunks list, but I have been monitoring the emissions from John's computer screen, and I would just like to say that I agree with him, wholeheartedly. I often tell my superiors that there are much better ways to be spending taxpayer money. I am not alone in my agreement with most of what is being said in this thread. The spook supplying heroin to Adam Back's lover agrees with most of this thread, as does the spook peeking through Eric's window (although she disagrees with the suggestion to "let Eric's unit survive unmolested"). The one exception is the grandson of Patton who is doing surveillance on Monty. His method is quite simply to beat Monty to the phone. Spooky (isn't it?)
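The persistence-authentication suggestion quoted from Adam Back above, sketched as an added example that is not part of the original thread: each unit keeps a secret per number from an earlier non-MITM'd call and uses it to check the next call's session key. The names `Unit` and `place_call`, the HMAC-SHA-256 proof, and the simulated session keys are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class Unit:
    """A phone unit that remembers one secret per number it has talked to."""

    def __init__(self, number):
        self.number = number
        self.retained = {}  # peer number -> secret kept from the previous call

    def proof(self, peer, session_key, role):
        # Bind the retained secret to this call's session key and to a role,
        # so a proof cannot be replayed on another call or reflected back.
        return hmac.new(self.retained[peer], role + session_key, hashlib.sha256).digest()


def place_call(caller, callee, caller_key, callee_key):
    """Simulate one call; returns "first-contact", "authenticated" or "mismatch".

    caller_key / callee_key are the session keys each end negotiated. They are
    equal on a direct call and differ when a MITM keyed each leg separately.
    """
    caller_knows = callee.number in caller.retained
    callee_knows = caller.number in callee.retained
    if caller_knows != callee_knows:
        return "mismatch"  # one side lost its secret: do not silently start over
    if caller_knows:
        # Each end checks the other's proof against its own view of the session key.
        from_caller = caller.proof(callee.number, caller_key, b"caller")
        from_callee = callee.proof(caller.number, callee_key, b"callee")
        want_caller = callee.proof(caller.number, callee_key, b"caller")
        want_callee = caller.proof(callee.number, caller_key, b"callee")
        if not (hmac.compare_digest(from_caller, want_caller)
                and hmac.compare_digest(from_callee, want_callee)):
            return "mismatch"  # keep the old secrets and alert the user
    # Exchange a fresh secret inside the encryption envelope for next time.
    fresh = os.urandom(32)
    caller.retained[callee.number] = fresh
    callee.retained[caller.number] = fresh
    return "authenticated" if caller_knows else "first-contact"
```

The first call is assumed to be non-MITM'd, as the suggestion itself assumes; the scheme only detects an interceptor who appears on a later call.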