Xref: utzoo comp.dcom.modems:9100 sci.crypt:4433 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!ukc!tcdcs!dce.ie!ch From: ch@dce.ie (Charles Bryant) Newsgroups: comp.dcom.modems,sci.crypt Subject: Re: What do you think about security functions in modems? Message-ID: <1991Apr4.144615.22814@dce.ie> Date: 4 Apr 91 14:46:15 GMT References: <3888.27f10f22@hayes.uucp> Organization: Datacode Communications Ltd, Dublin, Ireland Lines: 51 In article <3888.27f10f22@hayes.uucp> tnixon@hayes.uucp asks for: >... your opinions on the usefulness, >effectiveness, and value of commonly-used techniques such as >call-back security (within a modem; I, for example, think it is more >effective when controlled by an external device so that incoming and >outgoing calls are on different lines), In many places callback is useless (in the modem) since the called party cannot clear the call. This dosen't stop customers from asking for it though! Even after this is explained to them. >encryption (built into the >modem, like data compression), The sci.crypt folks will probably be more likely to be qualified to comment on this, but I think end-to-end encryption is better. Particularly if each end is at least as powerful as a PC. However, just as with error correction, I think it many poeple would be more likely to use it if it is in the modem merely because its there. Obviously if encryption is external to the modem, compression in the modem is not much use. I happen to think its crazy to use compression in the modem when neither end is a terminal since it just shifts the bottleneck from the phone line to the PC->modem link but that dosen't stop people from running ZMODEM over a compressed link insteqad of compressing the file first. The same is likely to happen if encryption is added to modems - but, most of the people who use modem-based compression wouldn't use any other compression otherwise so it would probably be the same for encryption and some is better than none. >modem-based passwords (with the >exchange of information handled by the error control protocol, >possibly using an encrypted challenge/response system), etc. Again, it is probably better to do this end-to-end (and easier unless one end is just a terminal) but its cheaper to implement since a noticeable delay in verifying a password is not a disadvantage. >I'm >also interested in your opinion on whether new techniques such >as modem-based decoding of caller-ID information would be useful. That would be useful for other reasons (e.g. callback, routing of calls) so its probably worth having. (But I can see problems too: e.g. usual modem line fails, so user connects modem to his fax line and wonders why his outgoing calls get put through to fax machine instead of the remote modem). -- Charles Bryant (ch@dce.ie) -- If you like the opinions expressed in this message, they may be available for rent - contact your local sales office. Low interest deals available.