From: smb@research.att.com
Date: Tue, 15 Feb 94 10:16:01 PST
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: LEAF, SS7
Message-ID: <9402151811.AA15802@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The LEAF has many very interesting attributes.  As I mentioned earlier,
in response to Mike's original question -- yes, there are tremendous
advantages to the LEAF for a traffic analyst.

But the LEAF itself is encrypted, including the session key, so
enemies can't do traffic analysis based on the LEAF.

The structure of the LEAF is also a dead giveaway that Clipper is
being used -- it's easy to envision a box that has the family key,
and tries every LEAF-sized field to see if it decrypts to something
that looks right, and in particular has the right checksum.  It
detects Clipper -- and coupled with a random sequence detector, it
detects encrypted, non-Clipper traffic...