[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

On Sat, 2011-03-12 at 16:20 -0500, Boaz wrote:
> This is something that I think ordinary people can actually do.  You
> make a phone call, up on your screen it says ?clockwork pegasus?.  You
> say ?hey Bob, does your screen say 'clockwork pegasus'??, and Bob
> responds ?yeah, mine says 'clockwork pegasus'?.  And you only ever
> need to do this once, at any time during the phone call, on your first
> call or any subsequent call, to ensure that all your calls are secure.
>  Ordinary people will not hold key signing parties, they will not.
> But I think they will do this.
> Now Zimmermann specifically had VoIP in mind, and he's been going
> around plugging ZRTP as a solution to VoIP security.  And in this
> Zimmermann is being very short sighted.  Once we've solved this
> difficult problem of authentication, why not use that as the basis to
> encrypt every kind of traffic?  Sure, it has to start with VoIP, but
> after that there's no reason to use a different key exchange mechanism
> for other types of traffic. 

David Sugar (of the GNU Telephony project) has written about applying
ZRTP-type social authentication to non-social protocols (even though
pure ZRTP would work in this case):


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110312/2dc1f214/attachment.pgp>

Reply to: