[Freedombox-discuss] FOAF developers taking FreedomBox into their equation
On Sat, 2011-03-12 at 16:20 -0500, Boaz wrote:
> This is something that I think ordinary people can actually do. You
> make a phone call, up on your screen it says ?clockwork pegasus?. You
> say ?hey Bob, does your screen say 'clockwork pegasus'??, and Bob
> responds ?yeah, mine says 'clockwork pegasus'?. And you only ever
> need to do this once, at any time during the phone call, on your first
> call or any subsequent call, to ensure that all your calls are secure.
> Ordinary people will not hold key signing parties, they will not.
> But I think they will do this.
> Now Zimmermann specifically had VoIP in mind, and he's been going
> around plugging ZRTP as a solution to VoIP security. And in this
> Zimmermann is being very short sighted. Once we've solved this
> difficult problem of authentication, why not use that as the basis to
> encrypt every kind of traffic? Sure, it has to start with VoIP, but
> after that there's no reason to use a different key exchange mechanism
> for other types of traffic.
David Sugar (of the GNU Telephony project) has written about applying
ZRTP-type social authentication to non-social protocols (even though
pure ZRTP would work in this case):
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: This is a digitally signed message part