At 11:50 AM 11/22/96 -0800, Sean Roach wrote:

At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:

...

A while back, Eric Blossom posted a URL for a mass-market, phone encyrption device (http://www.comsec.com/)...

At first this seemed to be a challenging goal as public key encryption (at least the type of which I am aware) requires a public key ring, but then I thought, what would be the point in real time communitation?

Both Eric's product and PGPhone use Diffie-Hellman key exchange. They protect against man-in-the-middle attacks by displaying (part of) the resulting symmetric key and having the phone's users verify they are both working with the same key in the conversation. Until the AIs/eavesdroppers get good enough to imitate a person on the phone, this verification technique is good enough. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz@netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA