Firewall Wizards mailing list archives

Re: New CALEA Backdoors announced


From: ICMan <shane () tor securecomputing com>
Date: Fri, 17 Jul 1998 12:34:51 -0400

Bill,

I would like to point out that the "backdoor" proposed is really a "front 
door" with a big dead bolt on it.  The proposed method of providing 
access to encrypted traffic to law enforcement officials does not weaken 
the key length.  The key remains as strong.  Access to the information is 
granted to law enforcement agencies by the sysadmin.  The sysadmin can 
choose to comply with law agencies or not.  I would recommend that they do 
comply, but the option to fight an inappropriately obtained warrant still 
exists.

With key escrow, enforcement agencies can crack encryption whenever they 
wish, and it becomes more difficult to protect against law agencies' 
inappropriate use of their capability to eavesdrop on encrypted connections.

The solution proposed should provide international companies with the 
confidence to use US-created VPN products.  Bank of Hong Kong will not 
use a US encryption product knowing that the US government can get into 
their traffic at the drop of a hat.

ICMan


Disclaimer:  My opinions are most likely not that of my employer.  It's a 
wonder they are even mine.

 

On Wed, 15 Jul 1998, Stout, Bill wrote:


Ascend, Bay Networks, Cisco Systems, 3Com, Hewlett-Packard, Intel,
Microsoft, Netscape Communications, Network Associates, Novell, RedCreek
Communications, Secure Computing, Sun Microsystems agreed to support a
sysadmin crypto backdoor for CALEA.

http://cgi.pathfinder.com/netly/article/0,2334,14025,00.html
http://www.cisco.com/warp/public/146/july98/3.html
http://www.infoworld.com/cgi-bin/displayStory.pl?980714.wnencryption.htm

Only a year ago did security people scoff at the existence of
intentional 'backdoors'.  For some psychological reason publicly
announced backdoors in domestic products are more believable than
covertly planted backdoors in foreign products.

Bill Stout




