
Insecure by design: protocols for encrypted phone calls - hendi_
https://www.benthamsgaze.org/2016/01/19/insecure-by-design-protocols-for-encrypted-phone-calls/
======
cmurf
What's frustrating for me is this obsession governments have with the
encryption aspect of cryptography, and the carelessness they have with the
authentication (signing) aspect of cryptography. If they break the former,
they break the latter. The authentication aspect should assure sender and
receiver both their mutual identities and the veracity of message content. If
any portion of that authenticity goes away, massive trust is lost. Signed
digital documents, legal or even everyday emails, are then broken. Both current
and historical documents are affected. Voice conversations and voicemail can
be recorded, modified, and rebroadcast - my conversation with a bank, a
broker, reciting my SSN, all of that can be used with a copy of my own voice
in ways that hurt me or other people and implicate me.

I'm convinced elements in governments are playing with matches. I don't know
that it's malicious, but at the least it's obliviousness.

It may be inevitable that this gets severely broken, and that's the thing to
plan for - the aftermath - not dissimilar to compsec practice of preparing for
infiltration by better protecting data itself rather than relying solely on
the idea of an impenetrable network.

------
DyslexicAtheist
Great article. Would be nice if it concluded with a mention of "there are no
secure smartphones":
[https://news.ycombinator.com/item?id=10905643](https://news.ycombinator.com/item?id=10905643)

