end-to-end crypto for mobile voice (Re: Wired: Echelon Furor Ends in a Whimper)

[Adam Back]

I always thought cell phones with Infra Red transceivers such as Nokia 6110
series would be an interesting and very practical way to build a WoT.  You
would build up WoT binding phone numbers and names to keys by key signing
done in person phone to phone via the IR link.  You can already beam and SMS
(I think) phone book entries, which would then have the additional property
of acting as a signed introducer.

The real problem is political I suspect.  The wireless industry is proably
politically unwilling to provide end-to-end crypto due to closed door secret
service lobbying.

I figure the first moderately wide spread end-to-end crypto for mobile voice
will be when there is enough computing power, bandwidth available and
sufficiently open development platform for such devices as we move towards
the merge of PDAs, laptops and cell-phones.

If someone got lucky perhaps an exploit in remote update security on such
devices could even be used as a grass-roots deployment vector to upgrade the
crypto, and fix the exploit (to prevent subsequent crypto downgrade).

Adam

On Sun, Jul 22, 2001 at 12:35:25AM +0000, David Wagner wrote:
> I think it might not be so hard as you imagine, in some contexts. Consider
> what it would take to institute universal end-to-end encryption for
> cellphones to protect against passive eavesdropping. The technological
> infrastructure is well within our reach, and it doesn't require a global
> PKI where every cellphone user must have a certified public key.