The Clinton Administration's recent proposal, and responses to same from the net community, have left several questions in my mind: o Are these devices intended to be used as isolated pairs - such that two phones/modems/whatever will only speak with each other .. or will any such device speak with any other such device? If any device can communicate with any other device, how is the key(s) for en/decryption for any particular session determined? .. and what prevents an eavesdropper who is present from the beginning of the session from using that data to decrypt the conversation? o According to the EFF response to the proposal, there aren't really two keys, but two 40-bit halves of one 80-bit key. Doesn't this imply that were a "bad guy" able to get just one of those halves, the computing power required to do a brute-force attack is considerably lessened? (I'm asking a question here, not making a statement. I read about this because I think it's interesting but it's not really my field.) o Presumably, these devices will insert into the data stream some sort of "sender ID" which will allow eavesdroppers to know which key(s) they need a warrant for - doesn't this seem to make it pretty easy to keep track of data along the lines of "Station 12345 sent 500 packets to station 31415, who sent 7734 packets in return" .. which would seem to present privacy questions separate from (but dwarfed by :) the security of the encryption itself? Also, cypherpunks readers may find these two snippets from two articles re the proposal interesting (and chilling): --- _NY Times_, 4/16/93, p. A1 (National edition) "The Clinton Administration plans a new system of encoding electronic communications that is intended to preserve the Government's ability ^^^^^^^ to eavesdrop for law enforcement and national security reasons .." --- Eugene, Oregon's _Register-Guard_, 4/16/93, p. 3A "The Clinton Administration is about to announce a plan to preserve privacy in electronic communications, including telephone calls and electronic mail, while also insuring [sic] the government's right ^^^^^ to eavesdrop for law enforcement and national security reasons." --- Emphasis, of course, added by me. The Register-Guard article is taken from the NY Times' article (presumably from a wire service) and consists of paragraphs 2,3,4,5,6,8, and 9 of the NY Times article, with changes to the first paragraph noted above. Grr. -- Greg Broiles greg@goldenbear.com Golden Bear Consulting +1 503 465 0325 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764