From: Adam Back <aba@dcs.ex.ac.uk>
To: petro@playboy.com
Message Hash: 9ff3bd9211b21e99b7dd8a784d8dc6d18a2077c48bdd69e595bbf18c1dde1daf
Message ID: <199810082026.VAA14458@server.eternity.org>
Reply To: <v04011703b242b48621e3@[206.189.103.230]>
UTC Datetime: 1998-10-08 21:11:40 UTC
Raw Date: Fri, 9 Oct 1998 05:11:40 +0800
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 9 Oct 1998 05:11:40 +0800
To: petro@playboy.com
Subject: does Web TV use forward secret cipher-suites? (Re: Web TV with 128b exported)
In-Reply-To: <v04011703b242b48621e3@[206.189.103.230]>
Message-ID: <199810082026.VAA14458@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain
Petro writes:
> At 2:39 PM -0500 10/7/98, Steve Bryan wrote:
> >David Honig wrote:
> >
> >>I'd guess that the Export control puppets know that the Web-TV hubs will
> >>be subpoena-able by the US even in these other "sovereign" nations.
> >>The WebTV centralized infrastructure makes this easy.
This is as others have noted cisco's doorbelling approach to GAK --
having routers and automated systems doing decryption, and allowing
LEA either direct access (possibly in this case), or access via
complicit operators.
One question which might help determins just how bad this Web TV thing
is, is does it use the forward secret ciphersuites.
If it did use FS ciphersuites, if the LEA starts reading traffic after
some point (by asking the WebTV operators to do so, or by using a
special LEA operator mode), he can't get all old traffic.
The EDH (ephemeral DH) modes are forward secret because a new DH key
is generated for each session.
Some of the RSA modes are forward secret, but only on export grade RSA
key sizes (512 bit).
As it got export permission, I fear the worst. Perhaps even special
LEA operator access.
Adam
Return to October 1998
Return to ““William H. Geiger III” <whgiii@invweb.net>”