[1679] in cryptography@c2.net mail archive
Re: Legislation is useless
daemon@ATHENA.MIT.EDU (Phil Karn)
Thu Oct 2 11:19:11 1997
Date: Thu, 2 Oct 1997 03:42:31 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: azur@netcom.com
CC: marc@cygnus.com, perry@piermont.com, cryptography@c2.net
In-reply-to: <v03102804b04f4d38ab1b@[10.0.2.15]> (message from Steve Schear on
Wed, 24 Sep 1997 16:21:39 -0700)
>There's obviously a legal/political component. If I were a manufacture I'd
>be very weary of 'tickling the dragon's tail.' On the other hand,
>engineers in these companies with a libertarian bent would want to wait
>till as many of their phones which could easily accomodate crypto were
>deployed (making recall and control all but impossible) before leaking the
>firmware/hardware changes.
Don't forget that a cell phone, by itself, is totally useless. It
needs a base station, even to talk to another cell phone right next to
it. And while it may seem hard to patch the firmware in a cell phone,
that's nothing compared to patching a base station owned by an
uncooperative or disinterested telco.
>I don't agree. One of the primary pacing items is the availability of
>TCP/IP packet data via the digital cellular networks with the required
>speed and latency characteristics. Another is a subscriber instrument
>high-speed data or PC card port. I'm not sure how many of the phones which
>support voice and data can be modified through firmware changes alone to
>handle the crypto.
Quite right. The only way we'll ever get meaningful voice privacy over
cellular is to do it end-to-end over a generic data service.
Unfortunately, the carriers don't seem to be interested in rolling out
generic CDMA digital cellular data services any time soon. You
wouldn't believe the nits they keep picking. For example, they insist
that the user *must* have a static IP address that he can roam with;
they're completely unfazed by the fact that the vast majority of
retail dialup ISP users seem to do just fine with temporary
PPP-assigned IP addresses. And never mind that anyone who really needs
mobility can implement Mobile IP. No, we *have* to spend several more
years "leveraging their CDPD investment" before they'll even *begin*
to roll out a CDMA packet data service...
Ahem. Please excuse me. Just venting. But I think it gives you a feel
for the way telcos think, and why you must not underestimate what a
suitably motivated and talented individual can accomplish when he is
unencumbered by an "installed base", politics and a thoroughly
Dilbert-ized corporate structure.
Phil
