At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: ...
(One doesn't hear much about crypto phones these days. Was this really a need?)
I think phones that encrypt the landline part of the call are pretty low-priority for most of us, since it costs something to eavesdrop on these calls. But anything that goes over the air, whether cellphone or cordless phone, ought to be properly encrypted, and it isn't now. This is a big vulnerability in a lot of places, and once you've built the intercept and decrypting hardware, it's easy to eavesdrop on huge numbers of people. You can imagine either rogue cops and spies doing this, or private criminals. I keep wondering how hard it would be to build a cordless phone system on top of 802.11b with some kind of decent encryption being used. I'd really like to be able to move from a digital spread spectrum cordless phone (which probably has a 16-bit key for the spreading sequence or some such depressing thing) to a phone that can't be eavesdropped on without tapping the wire. And for cellphones, I keep thinking we need a way to sell a secure cellphone service that doesn't involve trying to make huge changes to the infrastructure, which probably means a call center that handles all contact with the cellphone itself, always encrypted. Something like this would allow me to buy a phone and sign a contract, and quickly get real security on all my digital calls going over the air. End-to-end encryption isn't nearly as important. There's no reason it couldn't be supported, of course, when both endpoints had the right kind of phone, but it's a small additional value. The big win is to stop spewing private conversations over the radio in the clear.
iang
--John Kelsey, kelsey.j@ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com