Comment 1 for bug 1412444

Revision history for this message
Matthew Paul Thomas (mpt) wrote : Re: need to indicate when the cellular network connection is not encrypted

TS 100 920: http://www.etsi.org/deliver/etsi_ts/100900_100999/100920/08.00.01_60/ts_100920v080001p.pdf
GSM 02.07: http://www.etsi.org/deliver/etsi_gts/02/0207/05.00.00_60/gsmts_0207v050000p.pdf

As usual, "need" in the summary indicates that the problem is under-specified. What is the threat model here? Are we trying to protect users against interceptor cell towers? Are we trying to protect against anything else?
<http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls>

Assuming that interceptors are the only relevant threat:

1. What is the Type I error: About what percentage of voice calls or data connections, going through interceptors, are nevertheless encrypted? (This might be unknowable, but if it is known it would be useful.)

2. What is the Type II error: About what percentage of voice calls or data connections, going through legitimate cell towers, are unencrypted? (If the answer is depressingly high, it may be useful to compare with the gradual effort by Chrome to warn about unencrypted HTTP. <http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure>)

3. Why would anyone use Signal or Telegram instead of relying on this encryption?

4. Which, if any, of the seven encryption algorithms are worthwhile? Are any of them so weak that it would be misleading to mark them as secure? (If so, we might present them as insecure, as with SHA-1 in HTTPS. <http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html>)