[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Demexp-dev] zPhone of Philip Zimmermann
|
From: |
David MENTRE |
|
Subject: |
Re: [Demexp-dev] zPhone of Philip Zimmermann |
|
Date: |
Fri, 3 Feb 2006 16:37:53 +0100 |
Hello William,
2006/2/3, William D. Neumann <address@hidden>:
> That sound like it's based on (or possibly the same as, I'd have to reread
> the paper) a scheme presented by Serge Vaudenay at Crypto'05.
We will have to wait for some code or protocol description of zPhone
to answer that question.
> If anyone
> is interested, the paper can be found at
> <http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Vau05a>
Thank you for the reference.
I've not read the paper but the abstract says "The extra channel uses
a weak notion of authentication in which strings cannot be forged nor
modified, but whose delivery can be maliciously stalled, canceled, or
replayed." The requirement that "the extra channel [...] in which
strings cannot be forged nor modified" seems pretty difficult to me to
have on the Internet alone. If you establish a session key with a
Diffie-Hellman and if you have a man in the middle attack, the
established channel cannot be considered strong enough so that
messages cannot be changed during transport.
>From what I have understood of Zimmermann's scheme, the only channel
used is the insecure Internet itself, so Vaudenay's scheme seems a
different one to me. We will see...
Best wishes,
d.