Newsgroups: sci.crypt,alt.privacy,comp.security.misc,comp.speech,alt.privacy.clipper,talk.politics.crypto
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!gatech!howland.reston.ans.net!ix.netcom.com!netcom.com!phr
From: phr@netcom.com (Paul Rubin)
Subject: Re: ANNOUNCE: Nautilus 0.9.1
Message-ID: <phrD91r48.G8K@netcom.com>
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
References: <D8yzrD.CJD@lila.com> <801244621snz@eloka.demon.co.uk>
Date: Tue, 23 May 1995 19:50:32 GMT
Lines: 31
Sender: phr@netcom14.netcom.com
Xref: glinda.oz.cs.cmu.edu sci.crypt:39190 comp.security.misc:17987 comp.speech:5698

In article <801244621snz@eloka.demon.co.uk>,
Owen Lewis  <oml@eloka.demon.co.uk> wrote:

>Since i annd my ik are demed unfit to be allowed Nautilus, it is
>difficult to comment meaningfully but i hope that the following may
>be of sme real help.
>
>from a number of conversations etc. i understand that voice authentication
>plays an important part in the Nautilus preliminary call negotiation. 

No, the current version of Nautilus uses secret passphrases as
encryption keys.  You have to agree on the passphrase with the other
person beforehand somehow (in person, by PGP, or whatever).  Then if
the other person can talk to you at all using Nautilus, that's
supposed to mean s/he must be using the same passphrase as you.  (But
a bug in the protocol of version 0.9.0 allowed an attacker to talk to
you without knowing the passphrase, by modifying the program; it also
allowed an active "man-in-the-middle" attack.  We had thought about
such things when designing the protocol but overlooked a simple case
:-( ).

>Voice authentication in electronic communication is gravely
>suspect. Spoofing of authentication techniques is often something of
>problem. Voice spoofing has been regularly practiced over many years
>and it gets easier all the time.  Those with a particular security
>background know this well. Therefore one is led to expect that those
>designing Nautilus do not have the background knowledge that would
>preclude such an approach from any high security system.

This is an interesting claim (believeable though).  If you could
post references I'd like to check into them.
