SourceForgive me, everybody, for not realising the obvious – and for not realising why GCHQ's information security arm CESG's pet proposal RFC 6509 hasn't progressed.
The reason is simple: it's a damn stupid idea.
Here's the relevant quote: ”a user’s identity is their public key. Simply knowing a user’s phone number is enough to establish a secure communications link with them.
And here's why it's spectacularly stupid: a telephone number is not an identity of a person. It's an identity of a thing – a particular spot on a wiring harness in a telephone exchange that a bit of software associates with a number of a handset that can be used by anyone in the same place; or of a physical mobile phone (assuming that nobody's tricked it into presenting someone else's number); or of a SIP account that's completely disassociated from any physical artefact whatever.
The one thing that a phone number does not do is identify a person.
Of course, the same can be said of an IP address, that most-prized artefact that's apparently worth so much, anencephalic legislators listen to spooks who ghost-write their legislation and will die in a ditch to get their hands on meaningless identifiers.
Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
1 post • Page 1 of 1