From: smb@research.att.com
To: m5@vail.tivoli.com (Mike McNally)
Message Hash: 50f182c39df597fba0ab6bf5844eef46d671d17fd679a2afa731f539efb4575e
Message ID: <9402151811.AA15802@toad.com>
Reply To: N/A
UTC Datetime: 1994-02-15 18:16:01 UTC
Raw Date: Tue, 15 Feb 94 10:16:01 PST
From: smb@research.att.com
Date: Tue, 15 Feb 94 10:16:01 PST
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: LEAF, SS7
Message-ID: <9402151811.AA15802@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
The LEAF has many very interesting attributes. As I mentioned earlier,
in response to Mike's original question -- yes, there are tremendous
advantages to the LEAF for a traffic analyst.
But the LEAF itself is encrypted, including the session key, so
enemies can't do traffic analysis based on the LEAF.
The structure of the LEAF is also a dead giveaway that Clipper is
being used -- it's easy to envision a box that has the family key,
and tries every LEAF-sized field to see if it decrypts to something
that looks right, and in particular has the right checksum. It
detects Clipper -- and coupled with a random sequence detector, it
detects encrypted, non-Clipper traffic...
Return to February 1994
Return to “smb@research.att.com”