Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[The Register] GCHQ's CESG team's crypto proposal isn't dumb, it's malicious...

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1233
Joined: Wed Feb 05, 2014 3:47 am

[The Register] GCHQ's CESG team's crypto proposal isn't dumb, it's malicious...

Postby parityboy » Fri Nov 13, 2015 5:42 pm

Forgive me, everybody, for not realising the obvious – and for not realising why GCHQ's information security arm CESG's pet proposal RFC 6509 hasn't progressed.

The reason is simple: it's a damn stupid idea.

Here's the relevant quote: ”a user’s identity is their public key. Simply knowing a user’s phone number is enough to establish a secure communications link with them.

And here's why it's spectacularly stupid: a telephone number is not an identity of a person. It's an identity of a thing – a particular spot on a wiring harness in a telephone exchange that a bit of software associates with a number of a handset that can be used by anyone in the same place; or of a physical mobile phone (assuming that nobody's tricked it into presenting someone else's number); or of a SIP account that's completely disassociated from any physical artefact whatever.

The one thing that a phone number does not do is identify a person.

Of course, the same can be said of an IP address, that most-prized artefact that's apparently worth so much, anencephalic legislators listen to spooks who ghost-write their legislation and will die in a ditch to get their hands on meaningless identifiers.


Source

Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 7 guests

cron

Login