Josh I will accept that the first two options are not really options for you, but an encryption proxy built into the phone is very practical solution to the problem and works. The reason why you want a proxy built into the phone and not just a unified client is that a proxy will work with any messaging system (including SMS) so long as it can identify that the other end is capable and then force OTR/ZRTP between them. So you could have encrypted messaging going via MSN, wechat, Qq SMS whatever. ZRTP standard also allows augmented data on the signalling which you can use to augment the hash from media generated keys and if your clever can be used to add all sorts of checks such as location or even public key so I would not dismiss it so easily.
As for option 2, it was used by various security services in Europe, but not so much these days unless you just want two non smart phones talking to each other using encrypted SMS. It is in fact more secure than anything you could do on your smartphone. The algorithms used were written in C, so could be used in a smart phone to encrypt SMS. In fact it was a proxy and proves SMS could be encrypted. Since most OS can be compromised by Fin Fisher perhaps the entire discussion is moot because no matter what YOU do on your smart phone, if you live in a country that uses gamma internationals system then your phone will be infected if your a person of interest , thus messaging encryption becomes meaningless and a mere false sense of security rather than real security. On 18 Jul, 2013, at 6:42 AM, Alan Miller <[email protected]> wrote: > Rot is not encryption but good enough for basic privacy for many people > especially if you use more than one algorithm with it, (Rot15(rot5(rot666))). > I would prefer a full encryption proxy and OTR3/ZRTP though. > > > On 18 Jul, 2013, at 6:33 AM, Alan Miller <[email protected]> wrote: > >> Josh I think you have 3 choices. >> >> ONE >> for SMS you could do unix ROT 13 a few times if you want to keep things >> private, although its not really encryption its good enough for most >> purposes and trivially easy to implement. >> >> https://en.wikipedia.org/wiki/ROT13 >> >> TWO >> Alternatively go buy some bladox SMS boards…your SIM plugs into them and >> then the whole thing plugs into the phone. >> >> THREE >> OR design an encryption proxy which will work on all unified messages, why >> not ? the whole trend is towards unified messaging, nothing stopping you >> from SMS encryption by that means. >> >> >> On 18 Jul, 2013, at 6:14 AM, Josh Leverette <[email protected]> wrote: >> >>> "Who uses SMS much anyway these days ? Its all IM." >>> >>> You have no idea how much I wish that were true. For me and my friends >>> though, it couldn't be further from the truth. All we use is SMS, >>> practically speaking. >>> >>> >>> On Wed, Jul 17, 2013 at 5:09 PM, Alan Miller <[email protected]> wrote: >>> Who uses SMS much anyway these days ? Its all IM. >>> We used to use small electronic boards from Bladox to encrypt SMS in the >>> past but that was before IM and smart phones. >>> There is very clear need for some kind of encryption proxy built into >>> Ubuntu that could provide point to point encryption. I have always liked >>> Phil Zimmermanns ZPHONE and how it worked. It sits in the protocol stack >>> and when it detects another ZPHONE it jumps up and opportunistically >>> encrypts using ZRTP. >>> The key is generated in the media stream and wiped afterwards so no public >>> key is needed, just verbal verification of the fingerprint strings. >>> >>> Two ubuntu phones no matter which service they used would be able to send >>> and receive encrypted messages or even audio point to point. >>> OTR can easily be implemented as well. >>> All that is needed is a way to announce to the world that you are capable >>> of encryption and to do that all you need is to transmit a character at the >>> beginning of each message and that can used to trigger OTR or ZRTP. >>> The fingerprint strings could be brought up to the UI easily enough at the >>> top like the battery or Wifi indicators and pulled down to view and verify. >>> >>> While we are on this topic, could someone get crypto.cat working on ubuntu >>> as an app ? >>> >>> On 18 Jul, 2013, at 3:26 AM, Marius Kotsbak <[email protected]> wrote: >>> >>>> They have given up individual SMS charging in Norway too. Also the content >>>> could be en compressed inside the encryption so that it might not require >>>> so many SMS-es. >>>> >>>> Den 17. juli 2013 21:08 skrev "Gianguido Sorà" <[email protected]> >>>> følgende: >>>> Exactly, in the USA there are unlimited SMS but in other countries there >>>> aren't. >>>> In Italy for example if an operator give 200/month is a great deal. >>>> I think that the XMPP approach is more useful, because (almost) free 3G/4G >>>> data access is more reliable and easy to use. >>>> >>>> Il giorno 17/lug/2013 20:57, "Josh Leverette" <[email protected]> ha >>>> scritto: >>>> I didn't say linking. Just breaking it up and sending them out. It's the >>>> user's choice. Encrypting it won't make it take up more space necessarily. >>>> If the user wants to send that many messages, they can. In a number of >>>> countries, SMS is unlimited. Here in the United States, all of the >>>> companies essentially gave up on charging for each message. It really is >>>> absolutely free for the cell company, and once one of them started >>>> offering unlimited SMS, none of the others could do any less and be >>>> competitive. Doing an XMPP system would work too, but that requires having >>>> a data connection, which should always be more expensive than SMS, >>>> realistically. I'm fine with it being XMPP, but the advantage of using SMS >>>> is that it works even when you barely have any signal, and SMS is dirt >>>> cheap compared to data, at least here in the United States. I can't speak >>>> about the rest of the world, but SMS as a technology is infinitely >>>> cheaper. Whether the company chooses to charge appropriately, that's up to >>>> them. >>>> >>>> >>>> On Wed, Jul 17, 2013 at 1:52 PM, Rasmus Eneman <[email protected]> wrote: >>>> Linking SMS cost money, you have to pay for every SMS. Also I'm pretty >>>> sure you only can link up to 4 SMSes. >>>> However an XMPP based service would still be better as key exchange may >>>> happen automagically. You have >>>> already broken the standard so why continue to use it when you only gets >>>> its limitations? >>>> >>>> >>>> 2013/7/17 Josh Leverette <[email protected]> >>>> Also, I don't see why encrypting SMS would be impossible. You don't send >>>> encrypted SMS to people who can't decrypt them. Since we're talking about >>>> asymmetric encryption anyways, then the only people you could even think >>>> of sending encrypted SMS to are people for whom you have a public key. If >>>> you don't have a public key for a contact, then obviously you have no >>>> method of encrypting a message to them. But, more importantly, you can >>>> always break up an SMS into multiple SMS as the need arises, so length >>>> isn't an issue as long as the user knows how many messages it will form. >>>> >>>> >>>> On Wed, Jul 17, 2013 at 1:36 PM, Mike Bybee <[email protected]> wrote: >>>> Well, SMS obviously can't do GPG due to character limits - however, there >>>> are dozens of varieties of secure SMS tools currently on Android. It seems >>>> that some variety encryption could be supported by the default client - >>>> much like OTR for Pidgin, etc. >>>> Not that it should default to it - that would be awful. But that it should >>>> be able to have an easy to enable option. >>>> >>>> There's a lot of people world wide mad about security right now - and if >>>> Ubuntu Touch can eventually ship with a good basic set of security >>>> options, it will appeal to people who otherwise might have no reason to >>>> use it. >>>> >>>> >>>> On Wed, Jul 17, 2013 at 11:30 AM, Rasmus Eneman <[email protected]> wrote: >>>> You can't have GPG on SMS as it can't handle that amount of characters. >>>> Also it would be stupid >>>> as no one can't receive GPG/PGP SMS. If this feature is realy wanted on >>>> Ubuntu to Ubuntu >>>> then implementing something like iMessage or Hangouts should be done using >>>> XMPP and bound >>>> to the Ubuntu One account. >>>> >>>> >>>> 2013/7/17 Mike Bybee <[email protected]> >>>> Thanks. I think with PRISM and it's various world-wide equivalents, we're >>>> all thinking about this. >>>> >>>> >>>> On Wed, Jul 17, 2013 at 11:08 AM, Josh Leverette <[email protected]> >>>> wrote: >>>> I'm still waiting on the actual native email client to be written. Once >>>> that happens, adding encryption should be relatively trivial. So, whenever >>>> that happens. >>>> >>>> >>>> On Wed, Jul 17, 2013 at 1:07 PM, Mike Bybee <[email protected]> wrote: >>>> Are there currently any plans to make sure the ubuntu mail app will >>>> support gpg or some other standard - and likewise for SMS? >>>> I know right now it just uses webmail, but I'm sure that's not the long >>>> term goal >>>> >>>> -- >>>> Thanks, >>>> Mike Bybee >>>> >>>> -- >>>> Mailing list: https://launchpad.net/~ubuntu-phone >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>>> >>>> >>>> -- >>>> Sincerely, >>>> Josh >>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Mike Bybee >>>> -- >>>> Mailing list: https://launchpad.net/~ubuntu-phone >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>>> >>>> >>>> -- >>>> Rasmus Eneman >>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Mike Bybee >>>> >>>> >>>> >>>> -- >>>> Sincerely, >>>> Josh >>>> >>>> >>>> >>>> -- >>>> Rasmus Eneman >>>> >>>> >>>> >>>> -- >>>> Sincerely, >>>> Josh >>>> >>>> -- >>>> Mailing list: https://launchpad.net/~ubuntu-phone >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>>> -- >>>> Mailing list: https://launchpad.net/~ubuntu-phone >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> -- >>>> Mailing list: https://launchpad.net/~ubuntu-phone >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>>> More help : https://help.launchpad.net/ListHelp >>> >>> >>> -- >>> Mailing list: https://launchpad.net/~ubuntu-phone >>> Post to : [email protected] >>> Unsubscribe : https://launchpad.net/~ubuntu-phone >>> More help : https://help.launchpad.net/ListHelp >>> >>> >>> >>> >>> -- >>> Sincerely, >>> Josh >> >
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
