From what I've read, the basic Clipper chip provides no key management, and AT&T is going to use DH. If there is no key certification involved, wouldn't
this be vulnerable to active eavesdropping? In other words, cut the victim's phone line somewhere between his house and the central office. Connect up your tap. It just passes voice through, but when he goes secure, it breaks in and hijacks the key exchange. Instead of the two phones exchanging keys with each other, both exchange keys with your tap. Now you have two keys. Load each into a Clipper chip. Send the received data to one chip to decrypt, then to the other to encrypt with the other key, and send it on its way. Neither party would know he's being had - it is much like feeding someone a phony PGP key. The tap could use stock Clipper chips, with no need to reverse engineer, since they will be used for their intended purpose - to communicate with another Clipper at the far end. You could probably reduce it to a notebook computer and the guts of two AT&T ClipperPhones. There must be something to prevent this - isn't there? --- MikeIngle@delphi.com "Hey hey, NSA, how many phones did you tap today?"