The FCC issued yesterday its detailed definitions of what types of
services are and are not subject to CALEA requirements:
http://cryptome.org/fcc101299.txt
This was issued in an attempt is to answer questions from
respondents about what is a "telecommunications carrier."
Excerpts:
"5.
At 00:03 10/13/1999 -0400, Perry E. Metzger wrote:
I thought this forward from "Interesting People" would be of interest
Perry,
This followup might be relevant too. Has the FBI ever publicly weighed in
on an IETF debate before? Are there any implications here in other areas,
such as taxes,
In message [EMAIL PROTECTED], Declan McCullagh wr
ites:
This followup might be relevant too. Has the FBI ever publicly weighed in
on an IETF debate before? Are there any implications here in other areas,
such as taxes, content, or encryption?
There are clearly many aspects to this
Another point to consider is that if the CALEA standards are arrived
at in an open and public manner, it could be made easy to tell whether
or not a given device is implementing them, and one could then use the
CALEA status of a device as part of the purchasing decision.
If the CALEA protocol
"Steven M. Bellovin" [EMAIL PROTECTED] writes:
So -- how should the back door be installed? In the protocol? In the telco
endpoint? Is it ethical for security people to work on something that lowers
the security of the system? Given that it's going to be done anyway, is it
ethical to refrain,
In message [EMAIL PROTECTED], "P.
J. Ponder" writes:
Is it a given that IETF standard protocols will contain backdoors? I
support the idea of bringing the issue before the IETF. Surely the vast
majority will oppose weakening the protocols.
No, it is by no means a settled question.
"paul a. bauerschmidt" [EMAIL PROTECTED] writes:
neat question:
http://www.arcot.com/arcot_ieee.pdf
a method of protecting private keys using camouflage, in software, to
prevent dictionary attacks.
one password will decrypt correctly, many other passwords will produce
alternate,
Steven M. Bellovin writes:
So -- how should the back door be installed? In the protocol? In the telco
endpoint? Is it ethical for security people to work on something that lowers
the security of the system? Given that it's going to be done anyway, is it
ethical to refrain, lest it