From: solman@MIT.EDU
To: shamrock@netcom.com (Lucky Green)
Message Hash: 4b508756e7eed403c1616d80d479052690c58273cbaa9e697fcc785721207893
Message ID: <9409021338.AA20390@ua.MIT.EDU>
Reply To: <199409020621.XAA15351@netcom7.netcom.com>
UTC Datetime: 1994-09-02 13:38:45 UTC
Raw Date: Fri, 2 Sep 94 06:38:45 PDT
Subject: Re: Cabel TV's new specs require leaky encryption
> ".c4.11.7.1.1 Security System Objectives:
> The Offeror shall specify [..] whether it is possible to hide information
> in the digital signature number of which the signer would be unaware, which
> could conceal information. "
>
> Such as parts of the key?
Yup, that's why you always want to know who implemented your
authentication scheme. But the fact that an algorithm is capable
of doing subliminal messaging does not speak badly about it. In
fact, I think it is an extremely good sign that this was placed
in the RFP. It shows that they are aware of the potential problem
and are trying to avoid it (IMNSHO). If a cable company actually
tried to leak your key in this manner, it would create an enormous
potential liability for them.
> and under .c3.11.7.2 Privacy:
> " It should be possible to manage encryption keys and provide them to law
> enforcement agencies on demand."
Cable companies would like to offer some services as a common carrier
(although they clearly want to avoid having the entirety of their business
designated as such). That means that they are going to have to comply
with the digital telephony act.
Cheers,
Jason W. Solinsky