[2673] in Kerberos
Clinton Crypto System (CCS)
daemon@ATHENA.MIT.EDU (Ganesan)
Mon Apr 19 17:23:20 1993
From: bf4grjc@socrates.MIT.EDU (Ganesan)
To: smb@research.att.com
Date: Mon, 19 Apr 1993 16:58:04 -0500 (EDT)
Cc: kerberos@Athena.MIT.EDU, denning@cs.cosc.georgetown.edu
In-Reply-To: <m0nl23l-0000YOC@bagate.BELL-ATL.COM> from "smb@research.att.com" at Apr 19, 93 03:59:02 pm
Reply-To: bf4grjc@bell-atl.com
1) Thought this would be good time to remind the security
community of the 1st ACM Conference on Computer and Communications
Security, to be held in November 1993. Dorothy Denning, the General Chair,
MAY be organizing a panel on our favourite topic..... Also paper
submissions (see enclosed CFP) are due to me by May 15. Note that
"Cryptographic Standards" is one of the topics....
2) Doesn't this thing have a name? Its NOT a key exchange standard. How about
the Clinton Crypto System (CCS) since the buck for this stops with him??
3) Re: Keeping algorithms secret. Fine. Use the greatest tamperproofing
chip technology you can find. What they CANNOT DO is keep the usage
a secret. i.e. the i/o parmaters, pin details HAVE to be public. As one
of the inputs is the session key K - the question boils down to this:
Introducing: The GOTCHA chip
----------------------------
What does it cost to manufacture a chip with an identical configuration
that uses some completely different encryption key, but is plug compatible
with the PCS equipment or the motherboard of a computer? Lets call this
the GOTCHA chip. Any two users who use the GOTCHA chip instead of the
CLIPPER chip WILL have a secure, UNTAPPABLE, channel.
Cost of GOTCHA chip: Probably quite high. The Fixed Cost of chips are high
compared to the unit cost. However this cost is HARDLY LIKELY to be out of
the reach of a sophisticated drug/terrorist ring. (Also: Can the govt. make
production/possesion/use of the GOTCHA chip illegal? Are there parallels
here with the use of radar detectors?
Hypothetically, we can break line-tapping activities as targeted against
three classes of users:
Category 1: Terrorists/Drug-Dealers: The big guys, whom the govt. is most
interested in tapping. These guys will probably use the GOTCHA chip.
Category 2: Lesser criminals who will probably use the CLIPPER chip for
convenience. I mean "lessor' in terms of the societal impact of the
crime - NOT its nature. Maybe kidnappers, serial killers and rapists
belong here.
Category 3: Misuse/abuse against innocent people. These users WILL use the
CLIPPER chip.
If you are willing to buy the argument that Category 1, WILL use the
GOTCHA chip, then someone needs to ratiocinate the benefits of catching
the Category 2 criminals against the abuse.
Ravi
--
*******************************************************************************
Ravi Ganesan e-mail: ravi@socrates.bell-atl.com
IS SAS Corporate Network Planning v-mail: (301) 595-8439
Bell Atlantic Fax: (301) 595-1341
Note: If your e-mail reply to me bounces, try sending it explicitly to
ravi@socrates.bell-atl.com instead of using the 'reply' feature.
******************************************************************************
