Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

[The Register] GCHQ's CESG team's crypto proposal isn't dumb, it's malicious...

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
parityboy
ForumHelper
Posts: 905
Joined: Wed Feb 05, 2014 3:47 am

[The Register] GCHQ's CESG team's crypto proposal isn't dumb, it's malicious...

Postby parityboy » Fri Nov 13, 2015 5:42 pm

Forgive me, everybody, for not realising the obvious – and for not realising why GCHQ's information security arm CESG's pet proposal RFC 6509 hasn't progressed.

The reason is simple: it's a damn stupid idea.

Here's the relevant quote: ”a user’s identity is their public key. Simply knowing a user’s phone number is enough to establish a secure communications link with them.

And here's why it's spectacularly stupid: a telephone number is not an identity of a person. It's an identity of a thing – a particular spot on a wiring harness in a telephone exchange that a bit of software associates with a number of a handset that can be used by anyone in the same place; or of a physical mobile phone (assuming that nobody's tricked it into presenting someone else's number); or of a SIP account that's completely disassociated from any physical artefact whatever.

The one thing that a phone number does not do is identify a person.

Of course, the same can be said of an IP address, that most-prized artefact that's apparently worth so much, anencephalic legislators listen to spooks who ghost-write their legislation and will die in a ditch to get their hands on meaningless identifiers.


Source

Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 8 guests

Login