From: Hal <hfinney@shell.portal.com>
Date: Fri, 26 Aug 94 07:49:55 PDT
To: cypherpunks@toad.com
Subject: Re: You can hide from the Chip, but not from the Man.
In-Reply-To: <9408260355.AA06500@io.lrcs.loral.com>
Message-ID: <199408261449.HAA24065@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


koontzd@lrcs.loral.com (David Koontz ) writes:

>The implication is that a counterfeit LEAF is detectible.  As per FIPS Pub
>185, The Escrowed Encryption Standard, a transmission or stream of data is 
>preceded by the Cryptographic Protocol Field (CPF) which is registered to a 
>particular application (Clipper phone - AT&T, for example).  The CPF is used
>to determine where to find the LEAF, the LEAF Creation Method (LCM) and the
>Family Key (KF).  Thus the CPF also identifies the manufacturer, or group of 
-------------------^^^^
>manufacturers for a theoretically second sourced product, by identifying the
>data protocols of the encrypted data (RCELP in the case of AT&T). 

I am confused by the word "thus".  None of the three things in the CPF
mentioned in the previous sentence (where to find the LEAF, the LCM,
the KF (BTW, I thought the family key was a big secret?)) include the
manufacturer or the data protocols in any apparent way.  Are there more things
in the CPF than the three you listed?

Also, isn't it likely that RCELP will be widely used by all manufacturers
to be compatible with AT&T, so in practice all will use the same protocol,
and so this does not really identify the manufacturer?

As for recognizing bogus LEAF's, this would be only after decrypting with
the family key, right?  This is not supposed to be done routinely, although
it doesn't require access to the escrow database.  It's true that if a
family-key-decrypted LEAF using Blaze's rogue technique "stands out", that
certainly could call unwelcome attention to the users of his ideas.

Hal