
Re: Cable TV's new specs require leaky encryption



> ".c4.11.7.1.1  Security System Objectives:
>  The Offeror shall specify [..] whether it is possible to hide information
> in the digital signature number of which the signer would be unaware, which
> could conceal information. "
> 
> Such as parts of the key?

Yup, that's why you always want to know who implemented your
authentication scheme. But the fact that an algorithm is capable
of doing subliminal messaging does not speak badly about it. In
fact, I think it is an extremely good sign that this was placed
in the RFP. It shows that they are aware of the potential problem
and are trying to avoid it (IMNSHO). If a cable company actually
tried to leak your key in this manner, it would create an enormous
potential liability for them.

> and under .c3.11.7.2    Privacy:
> " It should be possible to manage encryption keys and provide them to law
> enforcement agencies on demand."

Cable companies would like to offer some services as a common carrier
(although they clearly want to avoid having the entirety of their business
designated as such). That means that they are going to have to comply
with the digital telephony act.

Cheers,

Jason W. Solinsky