As I recall from a note from Denning some months back, the bits of the LEEF (Law Enforcement Exploitation Field, its original and far more descriptive name) are spread out among the ciphertext in some unspecified way precisely to make it difficult or impossible to remove. Damn. Now I remember one of the points I meant to make in my NIST comments, but forgot: if the LEEF is added periodically to the ciphertext stream, that implies that the ciphertext data rate must be greater than the plaintext rate. And that precludes just dropping the Clipper chip into existing synchronous communication systems such as our CDMA digital cellular telephone system without *major* system redesign. Everything in our system is designed around four specific fixed frame "rates", specifically 16, 40, 80 or 171 bits every 20 ms: the vocoder, which generates these "frames", the CDMA modem, the Viterbi decoder, everything. Encryption that simply performs a 1-to-1 mapping between plaintext and ciphertext would be easy to add to this system. But an encryption chip that has to add something to each frame to encode an LEEF is useless to me. Anybody know if there is a "reply comments" cutoff date for the Clipper proposal? Under the rules that usually govern this sort of thing, if you can find someone else's comments on file that address the point you make, you can usually file "reply comments" that address this point beyond the original due date -- as long as it arrives by the "reply comments" date (usually a month or two later). Phil