From: Adam Back <aba@dcs.ex.ac.uk>
This is as others have noted cisco's doorbelling approach to GAK -- having routers and automated systems doing decryption, and allowing LEA either direct access (possibly in this case), or access via complicit operators.
One question which might help determins just how bad this Web TV thing is, is does it use the forward secret ciphersuites.
If it did use FS ciphersuites, if the LEA starts reading traffic after some point (by asking the WebTV operators to do so, or by using a special LEA operator mode), he can't get all old traffic.
The EDH (ephemeral DH) modes are forward secret because a new DH key is generated for each session.
Some of the RSA modes are forward secret, but only on export grade RSA key sizes (512 bit).
As it got export permission, I fear the worst. Perhaps even special LEA operator access.
Normally, an announcement of 128-bit crypto capabilities for a home computer would mean the user has control of said crypto. The WebTV computer: http://developer.webtv.net/docs/sysgde/Default.htm o WebTV supports connectivity to the ISP of your choice. o Internet access (PPP, PAP) o HTML 1.0; HTML 2.0; HTML 3.2; frames compatibility; JavaScript 1.2 o Image: GIF89a animation; JPEG; Progressive JPEG; PNG; TIFF-G3 fax in e-mail; X bitmap; Macromedia[tm] Flash 1.0 o Audio: AU; . WAV; Real Audio 1.0; 2.0; 3.0; AIFF; Shockwave[tm] Audio; GSM; MPEG-1 Audio; MPEG-2 Audio; MPEG Layer 3; MOD; General MIDI; MIDI Karaoke; Quicktime audio; Zip decompression o Video: PEG-1 Video; MPEG-3 Video; VideoFlash[tm] o Processor: 112/167 Mhz R4640 processor o Security: SSL version 2 and 3; 40bit and 128bit RC4 encryption; root certificates for GTE, RSA Data Security (VeriSign), Thawte, and VeriSign Class 3 digital certificates Can WebTV send end-to-end encrypted email to any other Net user? Nope. The press release claiming WebTV has 128-bit security is another low in advertising obtuseness. ---guy