[Freedombox-discuss] FOAF developers taking FreedomBox into their equation
Ted Smith
tedks at riseup.net
Sun Mar 13 02:17:04 UTC 2011
On Sat, 2011-03-12 at 16:20 -0500, Boaz wrote:
> This is something that I think ordinary people can actually do. You
> make a phone call, up on your screen it says “clockwork pegasus”. You
> say “hey Bob, does your screen say 'clockwork pegasus'?”, and Bob
> responds “yeah, mine says 'clockwork pegasus'”. And you only ever
> need to do this once, at any time during the phone call, on your first
> call or any subsequent call, to ensure that all your calls are secure.
> Ordinary people will not hold key signing parties, they will not.
> But I think they will do this.
>
> Now Zimmermann specifically had VoIP in mind, and he's been going
> around plugging ZRTP as a solution to VoIP security. And in this
> Zimmermann is being very short sighted. Once we've solved this
> difficult problem of authentication, why not use that as the basis to
> encrypt every kind of traffic? Sure, it has to start with VoIP, but
> after that there's no reason to use a different key exchange mechanism
> for other types of traffic.
David Sugar (of the GNU Telephony project) has written about applying
ZRTP-type social authentication to non-social protocols (even though
pure ZRTP would work in this case):
<http://ubuntuwicohan.blogspot.com/2010/09/beyond-social-key-verification.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110312/2dc1f214/attachment.pgp>
More information about the Freedombox-discuss
mailing list