>From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
>Subject: Re: Old PEM vs. New PEM
>Date: Tue, 28 Jun 1994 17:44:38 +22306356
>> The stated policy of the US Federal Govt (the US President,
>> actually) is to work for the provision of excellent telephone and data
>> communication confidentiality to all US citizens, except where private
>> information disclosure is permitted by law.
>
>In the light of the Clipper debacle, was this said intentionally with a
>straight face?
>
> Valdis Kletnieks
> Computer Systems Engineer
> Virginia Tech
I do not believe the policy has changed in the last 15 years :-| The
difference is perhaps that Clinton personally directed NIST to make a
hardware-based, standardized, escrowed key-distribution technology
available in order to facilitate an immediate expansion in the
commercial use of open, asynchronous, telecomms products and services,
and faciliate confidential telephone calls (except, as currently, where
private...) The added precision however was a modern "deviation" of
policy, in my opinion, and no clause is likely to be dropped.
---------
I have yet to see a real-world attack scenario mounted against a
clippered-phone operating on the phone network of a US regulated common
carrier (the intended operational environment assumed by the original
assurance evaluation of the technology), or one which denies the public
the intended confidentiality benefits.
Have you? If so, can you describe it, or demonstrate it?
If you are thinking about the so-called attack (Clipper debacle,
indeed!) based on subverting the purpose of the checksum protecting the
integrity of the LEAF field, when using a Tessera card embedding a
Capstone chip to protect the public's data confidentiality, then pray
tell just which unauthorized party can subvert the user's
confidentiality?
(That would have been a debacle, worthy of history.)
Personally I dont care too much that privacy-zealots might go to
extremes of personal time and cost to prevent law-enforcement
wiretapping of unclassified-but-sensitive data communication. But, then
such people always have done, and always will. Who cares? If the
Clipper policy implementation makes a win-win for 99.9% of people in
society, then other standard police methods (traffic analysis mainly)
will help catch the law-breakers in the remaining .1%.
The main purpose of the US Fed. Govt. policy is to prevent network
snoops invading privacy space or committing identity
communication-related frauds, in a manner which lowers the public's
confidence in their using network services for higher-criticality
activities. At least, thats what I believe.
Anyone care to exchange some Clippered PEM objects? (Just to stir
up the pot...)