At 05:45 PM 11/20/2003 -0800, Bill Frantz wrote:
At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
... There should be a means to cache credentials after an initial trust relationship between communicating parties has been established.
Cache entries would be a way for someone who obtains the phone to be able to trace your contacts. (So would an in-phone address book.) Automatic authentication also might make it easier to spoof the phone's owner.
If you've got an in-phone address book, might as well let the user cache some randomly-generated password string with it. That doesn't protect you against someone stealing the phone, but it means you've got an authentic connection to your co-conspirator's stolen phone rather than to somebody else's phone. If your threat model assumes that they can trick your phone into doing things, you're already toast anyway. If you're worried that Interpol will subpoena your phone and show that the "Alice" and "Bob" passwords in your phone correspond to Alice the Narc and Bob, your prisoner's-dilemma ex-co-conspirator who's busy ratting you out, they can probably do the same thing just from the phone numbers (IP or otherwise.)