koontzd@lrcs.loral.com (David Koontz ) writes:
The implication is that a counterfeit LEAF is detectible. As per FIPS Pub 185, The Escrowed Encryption Standard, a transmission or stream of data is preceded by the Cryptographic Protocol Field (CPF) which is registered to a particular application (Clipper phone - AT&T, for example). The CPF is used to determine where to find the LEAF, the LEAF Creation Method (LCM) and the Family Key (KF). Thus the CPF also identifies the manufacturer, or group of -------------------^^^^ manufacturers for a theoretically second sourced product, by identifying the data protocols of the encrypted data (RCELP in the case of AT&T).
I am confused by the word "thus". None of the three things in the CPF mentioned in the previous sentence (where to find the LEAF, the LCM, the KF (BTW, I thought the family key was a big secret?)) include the manufacturer or the data protocols in any apparent way. Are there more things in the CPF than the three you listed? Also, isn't it likely that RCELP will be widely used by all manufacturers to be compatible with AT&T, so in practice all will use the same protocol, and so this does not really identify the manufacturer? As for recognizing bogus LEAF's, this would be only after decrypting with the family key, right? This is not supposed to be done routinely, although it doesn't require access to the escrow database. It's true that if a family-key-decrypted LEAF using Blaze's rogue technique "stands out", that certainly could call unwelcome attention to the users of his ideas. Hal