From: m5@vail.tivoli.com (Mike McNally)
Date: Tue, 15 Feb 94 10:21:42 PST
To: smb@research.att.com
Subject: Re: LEAF, SS7
In-Reply-To: <9402151811.AA15323@tivoli.com>
Message-ID: <9402151816.AA28003@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



smb@research.att.com writes:
 > But the LEAF itself is encrypted, including the session key, so
 > enemies can't do traffic analysis based on the LEAF.

"Enemies"?  Isn't that a subjective term?  :-)

 > The structure of the LEAF is also a dead giveaway that Clipper is
 > being used -- it's easy to envision a box that has the family key,
 > and tries every LEAF-sized field to see if it decrypts to something
 > that looks right, and in particular has the right checksum.

I'm going to make the almost certainly valid assumption that you know
more about the way the network works than I do, but my assumption is
this:  in the wacky scenario I described wherein Clipper devices are
installed in the network interfaces "everywhere", then the presence of
these identifiable (and identifying!) packets means that a central tap
at a regional switching center could concievably perform traffic
analysis without the need for taps on local loops anywhere.  Is this
assumption way wrong?

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com>       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
|     (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |