GSM & A5
Ken Brown
k.brown at ccs.bbk.ac.uk
Tue, 29 May 2001 13:51:25 +0100
Peter Fairbrother wrote:
> > Who runs it? How do you/I/she trust him?
>
> It doesn't matter who runs it, you don't have to trust them, just pay them.
> It's probably a good idea to have lots of mirrors, to prevent some DoS,
> spoofing and meaconing attacks.
> Simply: Alice sends her present number encrypted with her key to the
> database, Bob asks the database for Alice's encrypted number and decrypts
> it. If he hasn't got Alice's key then he can't decrypt it and find out her
> number.
It sounds a lot like DNS to me :-)
Alice's key is what you need to phone her the "phone number" is just an
internal representation used by the system. So Alice will have exactly
the same issues about distributing her key as she used to with her phone
number.
Of course it could be used to ensure that all messages were encrypted -
if you want t0 mail Alice you have to use her key to get the address,
Ken