[cryptography] Silent Circle Takes on Phones, Skype, Telecoms
iang at iang.org
Fri Jul 11 07:18:49 EDT 2014
On 11/07/2014 11:27 am, James A. Donald wrote:
> On 2014-07-11 07:45, Kevin wrote:
>> On 7/10/2014 4:39 PM, John Young wrote:
> With silent circle, when Ann talks to Bob, does Ann get Bob's public key
> from silent circle, and Bob get Ann's public key from silent circle?
> If they do it that way, silent circle is a single point of failure which
> can, and probably will, be co-opted by governments.
> If they don't do it that way, how do they do it?
> Obviously we need a hash chain that guarantees that Ann sees the same
> public key for Ann as Bob sees for Ann.
> Does silent circle do that?
While I'm interested in how they're doing that, I'm far more interested
in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he
is Bob. We left the OpenPGP/cert building a long time ago, we need more
than just 1980s PKI ideas with elegant proofs.
If they haven't got an answer to that question, then I'd wonder if the
product is a throwaway for real security purposes. (By throwaway, I
mean the drug dealer's trick of using each phone/sim for one call, then
dropping it in the river.)
ps; John's point is well taken. We don't have a way to escape success
being targeted. We don't have a way to pay for many small enclaves
with their own tech. We're stuck in a rocky business.
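
An added example (not from the thread, and not a description of Silent Circle's design) of the hash-chain check raised in the quoted question: a directory's key log is folded into a SHA-256 chain, and Ann and Bob compare chain heads to detect being served different keys for Ann. The log format, function names and placeholder keys are assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting head for an empty log

def extend(head: bytes, user: str, pubkey: bytes) -> bytes:
    """Next chain head: H(prev_head || len(user) || user || pubkey)."""
    u = user.encode()
    # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
    return hashlib.sha256(head + len(u).to_bytes(2, "big") + u + pubkey).digest()

def chain_head(log):
    """Recompute the head over a full log of (user, pubkey) entries."""
    head = GENESIS
    for user, pubkey in log:
        head = extend(head, user, pubkey)
    return head

def lookup(log, user):
    """Latest key the log binds to `user`, or None if absent."""
    key = None
    for u, k in log:
        if u == user:
            key = k
    return key

def same_view(log_a, log_b):
    """True if two clients were served the identical log (heads match).
    The heads must be compared over a channel the directory does not control."""
    return chain_head(log_a) == chain_head(log_b)

# Constructed sample data: placeholder byte strings stand in for public keys.
ANN_KEY, BOB_KEY, SUBSTITUTED_KEY = b"ann-pub", b"bob-pub", b"other-pub"
honest_log = [("ann", ANN_KEY), ("bob", BOB_KEY)]
# A directory that equivocates: this copy binds a different key to Ann.
forked_log = [("ann", SUBSTITUTED_KEY), ("bob", BOB_KEY)]

def demo():
    """(Ann finds her own key, heads match on same log, heads match on fork)."""
    ann_sees_own_key = lookup(honest_log, "ann") == ANN_KEY
    return (ann_sees_own_key,
            same_view(honest_log, honest_log),
            same_view(honest_log, forked_log))

if __name__ == "__main__":
    print(demo())
```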