David Wagner wrote: | The *real* challenge: how do you support sender- and recipient- anonymous | phone calls with strong security? Have fun. Caller calls 1-900-stopper via an international callback service. Caller uses Stopper to reach callee's phone number. Callee, taking responsibility for their own privacy, uses a forward that she placed on a pay phone in Grand Central to a cheese box* in the Seychelles to her real phone. Oh, you want authentication and MITM protection? Only caller<-->callee needs authentication, for the DH key that they share for the call. The other encryption is point to point transport layer stuff; its nice that its there, but a MITM can listen in, and only get one or two phone #s. The chain is as strong as its strongest link, namely the photuris style authentication of the caller<->callee. (A cheese box is a forwarder that works outside of the switch; call #1, it dials #2, then connects it to line 1. So called because the first one the police found was in a cheese box.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume