[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Demexp-dev] zPhone of Philip Zimmermann

From: David MENTRE
Subject: Re: [Demexp-dev] zPhone of Philip Zimmermann
Date: Fri, 3 Feb 2006 16:37:53 +0100

Hello William,

2006/2/3, William D. Neumann <address@hidden>:
> That sound like it's based on (or possibly the same as, I'd have to reread
> the paper) a scheme presented by Serge Vaudenay at Crypto'05.

We will have to wait for some code or protocol description of zPhone
to answer that question.

>  If anyone
> is interested, the paper can be found at
> <>

Thank you for the reference.

I've not read the paper but the abstract says "The extra channel uses
a weak notion of authentication in which strings cannot be forged nor
modified, but whose delivery can be maliciously stalled, canceled, or
replayed." The requirement that "the extra channel [...] in which
strings cannot be forged nor modified" seems pretty difficult to me to
have on the Internet alone. If you establish a session key with a
Diffie-Hellman and if you have a man in the middle attack, the
established channel cannot be considered strong enough so that
messages cannot be changed during transport.

>From what I have understood of Zimmermann's scheme, the only channel
used is the insecure Internet itself, so Vaudenay's scheme seems a
different one to me. We will see...

Best wishes,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]