Its important to realize what was really gained by this revelation- - some PR value - several months before fixed Clipper/Tessara chips become available I have no doubts that the problem that was revealed will be corrected. I'm not sure it was a good idea to reveal the weakness. Imagine how much worse it would be (in terms of PR) if lots of phones had been deployed before the flaw was found? On the other hand, it's possible the weakness was known and would have been (is being) corrected quietly. So, there is a small window in which to take advantage of the PR, and the delay in revised chip availablility. Unless there are some major defections in Congressional support because of this, I don't think much will change; Clipper will become a reality. A competing product could devastate it- yes, government subsidies & requirements might form the nucleus of support, but having to deal with NSA restrictions and sole sourcing of the chip makes it a real, expensive pain to turn it into a product. I don't think the revision will be completely trivial, either. The way these chips are built means a much more extensive verification process must be used- not just reburning a PROM. A standard micro and a standard encryption chip on the side (don't have the references here, but at HotChips there will be a paper on a 100kbit/sec Single Chip Modular Exponentiation Processor from Holger Orup of Aarhus Univ. Denmark) could make a viable, competing product. Note that I'm not volunteering or suggesting that one of you should go out and implement my great idea- just making predictions. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, MS/305-3B * * 1 Infinite Loop * * Cupertino, CA 95014 baum@apple.com * **************************************************
Allen J. Baum says:
I have no doubts that the problem that was revealed will be corrected. I'm not sure it was a good idea to reveal the weakness. Imagine how much worse it would be (in terms of PR) if lots of phones had been deployed before the flaw was found?
Enormous investment has already been made. Furthermore, the EES design has provisions in the processor for only a 128 bit LEAF. Its hardly clear that they can just "patch" this in a few weeks. However, I'll note that Matt felt he had an obligation as a scientist to reveal the flaw and even to state in his paper how to fix it (although thats more or less obvious -- increase the checksum to 32 or 64 bits.)
So, there is a small window in which to take advantage of the PR, and the delay in revised chip availablility. Unless there are some major defections in Congressional support because of this, I don't think much will change; Clipper will become a reality.
I doubt that its that cut and dried. Unless they can convince congress to undertake a major legal change to make a discredited technology manditory, no one outside the government will use it. Perry
Enormous investment has already been made. Furthermore, the EES design has provisions in the processor for only a 128 bit LEAF. Its hardly clear that they can just "patch" this in a few weeks.
Perry
I wonder if companies and individuals out there can seek damages for the costs and delays of having to redesign systems? Assuming EES gets redesigned, companies ranging from AT&T to MIPS to Tim's Clipjack Consulting will presumably face product introduction delays, redesign efforts, etc. I know suing the government is generally hard, so this may be futile. But the redesign costs and delays may certainly piss off a lot of folks. AT&T has several camps opposed to EES (as we all know, from the comments of Blaze, Stewart, Bellovin, and others) and some camps supporting EES (AT&T Surety Systems, North Carolina, etc.), but this latest black eye may certainly tilt things further against the EES. And what happens if folks who've already _bought_ Clipper phones are not able to use them to communicate? What happens to the chips already shipped? It seems the Feds lose any way you cut it. If EES goes out as presently designed, workarounds will proliferate (not that EES ever looked like an especially economical scheme--costs were high). If EES gets replaced by EES II, delays and costs will mount. And so will bad will. I'm overjoyed. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
participants (3)
-
baum@newton.apple.com -
Perry E. Metzger -
tcmay@netcom.com