[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another view of the CFP
>Subject: Re: Another view of the CFP
>From: SINCLAIR DOUGLAS N <[email protected]>
>In-Reply-To: <[email protected]>; from
>"bill.stewart@pleasant
>
>> The proposed standards I've seen on the net say you can't encrypt
>> *after* using Clipper, because that makes Clipper key-theft useless.
>> On the other hand, encryption with real systems before encrypting with
>> Clipper is undetectable until after they decrypt the Clipper, so it's
>> hard to enforce except on people who are already suspects,
>> and is unlikely to be convenient to implement (for interoperability)
>> on some of the major Clipper targets, like cellphones and fax machines.
>
>Makes sense, doesn't it? When the whitehouse guy said that encryption
>below clipper was legal but not above, we thought he was confused. However,
>we ACKed it with an NSA employee, and he confirmed it. His reasoning went
>like this: encryption below clipper can't be stopped, since one can just
>splice a cryptdec into the phone line. Encryption on top of clipper is
>impossible since the clipper phone will only accept audio input. No
>word on how that would effect clipper modems.
>
>Having said all this, I should note that the NSA employee was not acting
>in an official capacity, and that he was not directly working on clipper.
The AT&T Surety Communications Voice/Data Terminal 4100 is
an STUIII with a type IIIe (e for export, read clipper) cryptographic
algorithm, the model numbers for type I and type II STUIIIs are series
1000 and 2000 respectively.
AT&T Surity (tm)
Voice/Data Terminal 4100
For Sensitive,
Business Applications
The AT&T Surity Voice/Data Terminal 4100 provides
secure voice and data communications in one integrated
package.
It works both as a full-featured telephone for voice
calls and as a smart modem for data applications. Part
of an AT&T familty of Surity products, the Voice/Data
Terminal is compact and light enough to carry with you
when you travel.
Developed in conjunction with the U.S. Government's
STU-III program, the Voice/Data Terminal 4100 is
designed to protect domestic and internation business
communications.
....
4100
Specifications:
Information protected
- Sensitive business and/or business-proprietary
User Community
- U.S. corporations - High tech manufacturing
- Multinational corporations
- Legal and financial
organizations
Security features
- Clipper encryption algorthin - Display window for
- Secure Access Control authentification identification
System (SACS) - Information to create a call
- Auto-answer, auto-secure audit trail
- Active and passive terminal - Non-error propagating
zeroization - Plain text inhibit
Key management
- Negotiated key - Self-generated key
- Secret key
- Negotiated key with
authentication
Voice modes
- Clear voice
- Secure voice
[] 4.8 kbps full-duplex CELP [] 2.4 kbps half-duplex
[] 2.4 kpbs full-duplex LPC10e
LPC10e
Telephone features
...
Secure data operation modes
- 9.6 kbps full-duplex - 2.4 kbps full-duplex
sync/async sync/async
- 4.8 kbps full-duplex - 2.4 kbps half-duplex sync
sync/async
....
------
There are clipper phones that accept data. This is probably the
one the DOJ buys. Basing arguments on fallicies is counterproductive,
and is the sort of thing Tim May was talking about.