[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another view of the CFP




>Subject: Re: Another view of the CFP
>From: SINCLAIR  DOUGLAS N <[email protected]>
>In-Reply-To: <[email protected]>; from
>"bill.stewart@pleasant
>
>> The proposed standards I've seen on the net say you can't encrypt
>> *after* using Clipper, because that makes Clipper key-theft useless.
>> On the other hand, encryption with real systems before encrypting with
>> Clipper is undetectable until after they decrypt the Clipper, so it's
>> hard to enforce except on people who are already suspects,
>> and is unlikely to be convenient to implement (for interoperability)
>> on some of the major Clipper targets, like cellphones and fax machines.
>
>Makes sense, doesn't it?  When the whitehouse guy said that encryption
>below clipper was legal but not above, we thought he was confused.  However,
>we ACKed it with an NSA employee, and he confirmed it.  His reasoning went
>like this:  encryption below clipper can't be stopped, since one can just
>splice a cryptdec into the phone line.  Encryption on top of clipper is
>impossible since the clipper phone will only accept audio input.  No
>word on how that would effect clipper modems.
>
>Having said all this, I should note that the NSA employee was not acting
>in an official capacity, and that he was not directly working on clipper.

The AT&T Surety Communications Voice/Data Terminal  4100  is
an STUIII with a type IIIe (e for export, read clipper) cryptographic
algorithm, the model numbers for type I and type II STUIIIs are series
1000 and 2000 respectively.

AT&T Surity (tm)
Voice/Data Terminal 4100
For Sensitive,
Business Applications

    The AT&T Surity Voice/Data Terminal 4100 provides
    secure voice and data communications in one integrated
    package.

      It works both as a full-featured telephone for voice
    calls and as a smart modem for data applications.  Part
    of an AT&T familty of Surity products, the Voice/Data
    Terminal is compact and light enough to carry with you
    when you travel.

      Developed in conjunction with the U.S. Government's
    STU-III program, the Voice/Data Terminal 4100 is
    designed to protect domestic and internation business
    communications.

....

4100

Specifications:

Information protected

- Sensitive business and/or business-proprietary

User Community

- U.S. corporations             -  High tech manufacturing
- Multinational corporations
- Legal and financial
organizations

Security features

- Clipper encryption algorthin  - Display window for
- Secure Access Control           authentification identification
  System (SACS)                 - Information to create a call
- Auto-answer, auto-secure        audit trail
- Active and passive terminal   - Non-error propagating
  zeroization                   - Plain text inhibit

Key management

- Negotiated key                - Self-generated key
- Secret key
- Negotiated key with
  authentication

Voice modes

- Clear voice
- Secure voice
 [] 4.8 kbps full-duplex CELP   [] 2.4 kbps half-duplex
 [] 2.4 kpbs full-duplex           LPC10e
    LPC10e

Telephone features
...

Secure data operation modes

- 9.6 kbps full-duplex          - 2.4 kbps full-duplex
  sync/async                      sync/async
- 4.8 kbps full-duplex          - 2.4 kbps half-duplex sync
  sync/async

....

------

There are clipper phones that accept data.  This is probably the
one the DOJ buys.  Basing arguments on fallicies is counterproductive,
and is the sort of thing Tim May was talking about.