At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
Persistence authentication suggestion: A way to use the fact that you have had one or more non-MITM'd calls is for the unit to remember the number and exchange a secret with the called unit inside the encryption envelope.
The problems with this solution are twofold: 1. Eric may have to redesign the unit to have persistent read-write storage. And maybe a *lot* of storage, if you use it a lot. Maybe a lot of expen$ive $torage at that. His phone is already priced way out of the consumer market, let's not add to that. 2. I had problems with UUCP when my machines got out of sync (way back when.) Just think how bad they'll look if they refuse to light up "secure" because one guy had to change batteries. I agree with you that external authentication is the only way to fly. And if it is simply accepted, lets let Eric's unit survive unmolested and use PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session keys (like in Speak Freely.) I also think the most likely avenue of attack will be a black bag job on the individual user's phone. MITM attacks seem too risky and expensive to pay off. John -- J. Deters "Don't think of Windows programs as spaghetti code. Think of them as 'Long sticky pasta objects in OLE sauce'." +--------------------------------------------------------------------+ | NET: mailto:jad@dsddhc.com (work) mailto:jad@pclink.com (home) | | PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) | | ICBM: 44^58'36"N by 93^16'27"W Elev. ~=290m (work) | | For my public key, send mail with the exact subject line of: | | Subject: get pgp key | +--------------------------------------------------------------------+