> which would presumably make it perilous for them to reconvene again in secret
Only if they are unprepared. They can agree in advance a time and a location to meet when things go wrong. Then the only thing they have to broadcast on the radio is that the radios have been compromised and the backup protocol is active.
> there could be a 'dead-man switch' or emergency button on the radio that would send a revocation certificate to all the other soldiers' radios
I’m not sure i follow what you are saying. Are you proposing a button on the radio which removes that specific radio from the network? If so that can be much more easily, and reliably, done by zeroing the keys of that specific radio.
Just for context, on public safety/mil radios the user usually can't manage key material from within the UI of the radio: there's literally a distinct piece of hardware called a keyloader that's required to do it, e.g. https://www.motorolasolutions.com/en_us/products/p25-product... (or https://github.com/KFDtool/KFDtool if you're cool). Individual people in the field usually don't have this hardware. I think the poster you're replying to is suggesting in a roundabout manner a way for a user, knowing their radio is about to be compromised, to zero the keys without one of these boxes. It's been a while since I last dug around in cps astro, but istr that being a thing you could set up.
Spot on! That was indeed what I was imagining. If the soldier had to enter a PIN each day, for instance (a kind of dead man's switch), and assuming the enemy is abiding by the rules of war and thus can't compel a captured soldier to reveal it, there is absolutely nothing the enemy could do to prevent being locked out of the encryption after obtaining a radio.
I'm aware of the constraints inherent in designing equipment for this kind of demanding physical environment, but with reprogrammable chips being the norm rather than the exception, I'm really surprised that more modern cryptography isn't expected from these radios.
> I'm really surprised that more modern cryptography isn't expected from these radios
Military radios absolutely do have modern cryptography. That is half the reason why the NSA exists.
If you think you know better most likely you are wrong, or you are seeing some system which is held back so they can maintain compatibility with coalition forces.
You don’t need revocation certificates to zero out the key material of a radio. In fact it wouldn’t work reliably because it assumes all network participants are within radio range and listening when you want to zero your keys. Much more easy and reliable is to delete the key material localy on the radio. This zeroing can be also performed by a remote signal.
Only if they are unprepared. They can agree in advance a time and a location to meet when things go wrong. Then the only thing they have to broadcast on the radio is that the radios have been compromised and the backup protocol is active.
> there could be a 'dead-man switch' or emergency button on the radio that would send a revocation certificate to all the other soldiers' radios
I’m not sure i follow what you are saying. Are you proposing a button on the radio which removes that specific radio from the network? If so that can be much more easily, and reliably, done by zeroing the keys of that specific radio.