[143217] in cryptography@c2.net mail archive


Re: Obama's secure PDA

daemon@ATHENA.MIT.EDU (Ivan Krstić)
Fri Jan 30 13:45:14 2009

From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: <p0624080fc5a3941e7919@[10.20.30.158]>
Date: Thu, 29 Jan 2009 23:17:57 -0500

Multiple responses inline:

On Jan 26, 2009, at 11:26 AM, Paul Hoffman wrote:
> I too would like to hear more information on this, particularly the
> crypto that is known to be used on the Edge.


See sections 'Secure Speech Processing' and 'Interoperability' of
<http://www.gdc4s.com/documents/GD-Sectera_Edge-w.pdf>. The standard
suites are used, as one would expect.

On Jan 26, 2009, at 4:56 PM, Jerry Leichter wrote:
> The FAQ, indirectly, answers your previous question of why only
> Secret for email:  Data-at-rest is encrypted using AES, which is
> only approved for Secret, not Top Secret, data.

This isn't the case; AES is approved for Top Secret with 192- or 256-bit
keys, per <http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf>.

On Jan 26, 2009, at 9:26 PM, Steven M. Bellovin wrote:
> Quite simply, voice offers one service -- voice.  Data offers many
> services, and hence many venues for data-driven attacks: email
> (which includes many MIME types) and probably clicking on URLs, web
> (which includes HTML, gif, jpeg, perhaps png, and almost certainly
> Javascript), and perhaps data files including pdf, Word, Powerpoint,
> and Excel.  Any one of those data formats is far more complex than
> even compressed voice; the union of them makes me surprised it can
> handle even Secret data... Note especially that HTML involves
> IFRAMEs and third-party images, which means inherent cross-domain
> issues.

I've thought about this, but I don't buy it. I'm a heavy user of
wireless e-mail, but I use it as nothing more than a SMTP-addressable
SMS service without a length limit. In other words, people can send me
messages from a computer and not just from a mobile handset (true in
the other direction, too), and I can read and write more than 160
characters at a time.

I'd find mobile e-mail just as useful if it went through a proxy that
stripped out _everything_ that's not plaintext. I open attachments on
my phone about once in a blue moon, and wouldn't miss the ability if
it were gone.

Cheers,

--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | http://radian.org
