From: wcs@anchor.ho.att.com (Bill_Stewart_HOY002_1305)
Date: Wed, 29 Sep 93 11:56:30 PDT
To: ebrandt@jarthur.Claremont.EDU
Subject: Re: Clipper specifics
Message-ID: <9309291709.AA01660@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


> Their spokesagency, NIST, has said that it will be illegal to encrypt
> on top of Skipjack or to mung the LEEF.  Pre-encryption is not
> mentioned, AFAIK, and would be borderline impossible to detect anyway.  

Actually, it won't be illegal, unless they get CONgress to pass some laws,
but they may be able to do some contractual constraints on it as part of
the process of getting your Skipjack products approved, either through
the current process of export approval, or through the approval process described
in the proposed FIPS (which basically says "Whatever NSA wants");
they could even place restrictions on selling Clipper chips to unapproved 
companies.

It *will* violate the FIPS, if the FIPS gets approved, so you won't be
able to sell SkipJack/LEAF products to the government unless they're capable
of operating without post-encryption.  That doesn't mean they won't buy
dual-mode products that are switchable between secure and FIPS modes,
though obviously the politics of the situation don't make that real likely :-)

An interesting question is whether the export or manufacturing approval processes
will ban the use of Clipper/etc. in programmable devices, either explicitly
user-programmable ones, or devices in which the PROMs are easily replaced.
It costs a little, but using flash-EPROM in a secure phone would make
firmware upgrades easy, and that could include a LEAF-masking option.