Cable TV's new specs require leaky encryption
Cablelabs, a research institute for US cable companies, whose members provide 85% of the cable service in the US and 70% in Canada, has released their "Request For Proposals for a Telecommunications Delivery System over a Hybrid Fiber/Coax (HFC) Architecture". This RFP contains the final specs for a new multimedia architecture the cable companies intend to deploy. Here are some quotes:

".c4.11.7.1.1 Security System Objectives: The Offeror shall specify [..] whether it is possible to hide information in the digital signature number of which the signer would be unaware, which could conceal information."

Such as parts of the key?

and under .c3.11.7.2 Privacy: "It should be possible to manage encryption keys and provide them to law enforcement agencies on demand."

Big Brother is watching you. Through your TV.

The full document is available at ftp://ftp.cablelabs.com//pub/RFIs/Telecom_RFP.MSWord

-- Lucky Green <shamrock@netcom.com> PGP public key by finger
Things seem awfully quiet on the list the past 24 hours....

Lucky Green wrote:

> This RFP contains the final specs for a new multimedia architecture the cable companies intend to deploy. ... ".c4.11.7.1.1 Security System Objectives: The Offeror shall specify [..] whether it is possible to hide information in the digital signature number of which the signer would be unaware, which could conceal information."
>
> Such as parts of the key?
This sounds like it's a concern about subliminal channels in the DSS/DSA signatures, a la the concerns raised by Gus Simmons last year. I don't know what the use would be, unless it's concern (by whom?) that viewing preferences could be back-propagated.
> and under .c3.11.7.2 Privacy: "It should be possible to manage encryption keys and provide them to law enforcement agencies on demand."
Well, this definitely fits with other signs that the Feds have been "jawboning" with various industry groups. Key escrow, or "GAK." If they're putting this kind of thing into their spec plans, somebody has "suitably incentivized" them to.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
> ".c4.11.7.1.1 Security System Objectives: The Offeror shall specify [..] whether it is possible to hide information in the digital signature number of which the signer would be unaware, which could conceal information."
>
> Such as parts of the key?
Yup, that's why you always want to know who implemented your authentication scheme. But the fact that an algorithm is capable of doing subliminal messaging does not speak badly about it. In fact, I think it is an extremely good sign that this was placed in the RFP. It shows that they are aware of the potential problem and are trying to avoid it (IMNSHO). If a cable company actually tried to leak your key in this manner, it would create an enormous potential liability for them.
> and under .c3.11.7.2 Privacy: "It should be possible to manage encryption keys and provide them to law enforcement agencies on demand."
Cable companies would like to offer some services as a common carrier (although they clearly want to avoid having the entirety of their business designated as such). That means that they are going to have to comply with the digital telephony act.

Cheers,
Jason W. Solinsky
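The subliminal-channel concern raised in Tim May's and Jason Solinsky's replies comes down to one fact about DSA: the per-signature nonce k is chosen by the signing implementation, and the verifier has no way to tell a randomly chosen k from one the implementer chose on purpose. The following Python is an added example written for this archive, not code from the thread or from Cablelabs. It uses constructed toy DSA parameters (P=607, Q=101, G=64, far too small for real use) and a simplified HMAC-based deterministic nonce, a stand-in for RFC 6979 rather than that RFC's exact construction. It shows that two valid signatures on the same message are indistinguishable to the verifier, and that only a party holding the private key can audit whether the signer actually used the deterministic nonce it was supposed to, which is why it matters who implemented the box.

```python
import hashlib
import hmac
import secrets

# Toy DSA group, constructed for illustration only: Q divides P-1 and G has order Q mod P.
P, Q, G = 607, 101, 64


def hash_to_int(msg: bytes) -> int:
    """Reduce a SHA-256 digest into the exponent group Z_Q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign_with_nonce(priv: int, msg: bytes, k: int):
    """Plain DSA signing with a caller-supplied nonce; None if the nonce is degenerate."""
    r = pow(G, k, P) % Q
    if r == 0:
        return None
    s = (pow(k, -1, Q) * (hash_to_int(msg) + priv * r)) % Q
    if s == 0:
        return None
    return (r, s)


def nonce_candidate(priv: int, msg: bytes, counter: int) -> int:
    """Simplified deterministic nonce (assumption: HMAC(priv, msg||counter), not exact RFC 6979)."""
    mac = hmac.new(priv.to_bytes(4, "big"),
                   msg + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)


def honest_nonce(priv: int, msg: bytes) -> int:
    """The one nonce a faithful deterministic signer must use: first non-degenerate candidate."""
    counter = 0
    while sign_with_nonce(priv, msg, nonce_candidate(priv, msg, counter)) is None:
        counter += 1
    return nonce_candidate(priv, msg, counter)


def sign_deterministic(priv: int, msg: bytes):
    """Signer with no freedom in k: the only covert-channel-free policy shown here."""
    return sign_with_nonce(priv, msg, honest_nonce(priv, msg))


def sign_random(priv: int, msg: bytes):
    """Textbook DSA signer: k is chosen freely, so the implementation decides what r encodes."""
    while True:
        sig = sign_with_nonce(priv, msg, 1 + secrets.randbelow(Q - 1))
        if sig is not None:
            return sig


def verify(pub: int, msg: bytes, sig) -> bool:
    """Standard DSA verification; accepts any valid (r, s) regardless of how k was chosen."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (hash_to_int(msg) * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(pub, u2, P)) % P) % Q
    return v == r


def audit(priv: int, msg: bytes, sig) -> bool:
    """Key holder's check: is this exactly the signature a deterministic signer would emit?

    Only someone with priv can run this; the verifier cannot. A False result means the
    signer exercised freedom in k, i.e. a subliminal channel was available to it.
    """
    return sign_with_nonce(priv, msg, honest_nonce(priv, msg)) == sig


if __name__ == "__main__":
    priv = 7                      # constructed sample private key
    pub = pow(G, priv, P)
    msg = b"pay-per-view order"   # constructed sample message
    honest = sign_deterministic(priv, msg)
    free = sign_random(priv, msg)
    print("deterministic sig verifies:", verify(pub, msg, honest), "audit:", audit(priv, msg, honest))
    print("free-choice sig verifies:  ", verify(pub, msg, free), "audit:", audit(priv, msg, free))
```

Both signatures pass `verify`, which is the whole problem: the subscriber's set-top box could pick k to make r carry bits of the key and nothing at the verifying end would look wrong. The `audit` function closes that gap only for a party who holds the private key and can recompute the expected nonce, so a deterministic-nonce requirement in a spec is useful exactly to the extent that the customer (or an independent tester with the device's key material) can check it against the fielded implementation.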