On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote:

Whoever at NSA decided that the US national security interests in crippled-crypto products, such as it is, could be sustained by such a mechanism obvously never heard of the 2600 tone, once the biggest secret of the telephone companies. And those who ignore the past, etc., etc....

As someone who was alive and curious back then (mid 60's), I'd take issue with this. I found plenty of technical papers in the Bell System Technical Journal proudly describing so called SF E&M signalling (which uses 2600 hz) in great detail, along with MFKP (blue box tones) and the whole signalling and switching architecture of the (then) Bell system. They were proud of what they had developed and quite willing to share it with the technical community - it was no dark secret at all. There was even a technical paper that described in detail a bizzare two frequency one transistor oscillator that allowed them to build what was essentially a blue box into a operator console keypad. The problem was that nobody outside of a few insider engineers with devious twisted hacker style imaginations and the spook agency types had ever asked what might happen if you sent these in-band tones down the line from a subscriber telephone at just the right (or wrong) moments, and what it might be possible to do with this knowlage. Nobody else knew or cared to find out what might happen if... It is a sad day for US national security if people entrusted with protecting it don't think about how to defeat the protections they put in place because they are linear thinkers hobbled by the idea that everyone will do only the most obvious things. But I really think that they perfectly well know that current software can be easily patched to defeat controls, and that there is little they can do about it. Nor is the threat from software patches to Netscape really likely to endanger much, since there is already a lot of software like PGP available that is already strong. In fact I rather suspect that they are quite happy to see that patch in ciculation since it substantially bolsters their long held insistance that all crypto be implemented in tamperproof hardware chips and not software. What scares me, as I have said before on this list, is what happens when future tamperproof Intel CPUs acquire the ability to run encrypted code decrypted inside the processor and all copies of Windows 2001 are completely unpatchable and opaque (without breaking the crypto) and nicely jiggered to enforce rules about what programs are allowed to do what or even run at all. -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18