From: smb@research.att.com
Date: Tue, 15 Feb 94 10:36:50 PST
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: LEAF, SS7
Message-ID: <9402151822.AA16083@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	  > The structure of the LEAF is also a dead giveaway that Clipper is
	  > being used -- it's easy to envision a box that has the family key,
	  > and tries every LEAF-sized field to see if it decrypts to something
	  > that looks right, and in particular has the right checksum.

	 I'm going to make the almost certainly valid assumption that you know
	 more about the way the network works than I do, but my assumption is
	 this:  in the wacky scenario I described wherein Clipper devices are
	 installed in the network interfaces "everywhere", then the presence of
	 these identifiable (and identifying!) packets means that a central tap
	 at a regional switching center could concievably perform traffic
	 analysis without the need for taps on local loops anywhere.  Is this
	 assumption way wrong?

I suspect that you'd have too much data -- you'd have to be able to
scan every part of every conversation.  If you're going to go to those
lengths, you'd do just as well to tap the signaling channels instead --
a lot less data, and most of it organized the way you want it.