Clipper key negotiation...

L. Detweiler ld231782 at longs.lance.colostate.edu
Tue Apr 27 12:45:26 PDT 1993 

is nonexistent.

That is, as I understand it, the algorithm for creating/exchanging the
session key that is negotiated at the beginning of each call is *not*
built into the chip or the standard.

Am I correct? Mrs. Denning has conspicuously evaded this issue only by
saying that the keys can be exchanged via Diffie-Hellman or RSA. The
point is, the phone hardware designer/integrator must use an additional circuit.

Isn't this a serious potential defect of the chip? Isn't it amazing
that the design neglects the issue completely? Wouldn't the ideal (or
even `usable'?) chip have this built in? If RSA refused to grant
support to people using the algorithm for this purpose, it could have
tremendous effect in helping  vanquish it... What will be their
commitment in this area? Is Mr. Bidzos annoyed about the Clipper chip
as a veiled revocation of American rights or as a lucrative
opportunity, denied at first, but not later, to get a tasty piece of
the wiretapping pie? It seems to me that Mr. Bidzos has a critically
pivotal decision to make, and to make clear. Or has it been made
already, by someone else?

If somebody comes out with a neat chip that interfaces to the Clipper
*really soon* that has been *totally approved* by RSA for clipper key
negotiation, I'd be a bit suspicious....

Can anybody clear this up? Exactly what parts of session key exchange/
negotiation/ generation are handled by the chip, and which aren't?
There is not even specific information in Denning's statements about
when all this (including the All-American Privacy-Protecting Law
Enforcement Block, ug!) is transmitted (at the beginning of the call,
presumably).  Why hasn't there been more inquiry into this?

Is the key fed to the chip by other circuitry? That would seem to be
the case. The chip appears to be just a low level encryption device,
not something high-level that worries about key manipulation and
trading.  Hence, there may be widely varying approaches to implementing
key exchange.  Not much of a `standard' that leaves unspecified
something so basic.  Notice however that the wiretapper does not care,
because this is not involved in the decryption; the crucial data for
them is that the serial number and family codes be correct for the
chip. So, these aspects are hardwired.

More information about the cypherpunks-legacy mailing list