LEAF, SS7

[Mike McNally]

smb at research.att.com writes:
 > But the LEAF itself is encrypted, including the session key, so
 > enemies can't do traffic analysis based on the LEAF.

"Enemies"?  Isn't that a subjective term?  :-)

 > The structure of the LEAF is also a dead giveaway that Clipper is
 > being used -- it's easy to envision a box that has the family key,
 > and tries every LEAF-sized field to see if it decrypts to something
 > that looks right, and in particular has the right checksum.

I'm going to make the almost certainly valid assumption that you know
more about the way the network works than I do, but my assumption is
this:  in the wacky scenario I described wherein Clipper devices are
installed in the network interfaces "everywhere", then the presence of
these identifiable (and identifying!) packets means that a central tap
at a regional switching center could concievably perform traffic
analysis without the need for taps on local loops anywhere.  Is this
assumption way wrong?

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5 at tivoli.com>       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
|     (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |