[EMAIL PROTECTED] (Arnold G. Reinhold) writes:
>I've always thought that the unique id built into each device and available
>to Law Enforcement (LE) without court order would give LE huge leap forward
>in traffic analyses.
That's not unique to Clipper though, I bet there are systems out there right
now which are grepping for certain PGP key ID's, S/MIME cert serial
numbers[0], etc etc etc as part of Echelon (even if you don't publish the key,
it's not going to be that hard to correlate a J.Random unpublished key ID
with an end entity).
Peter.
[0] Since many CA's use MD5 or SHA-1 hashes as the "serial number", you can
generally uniquely identify a cert by its "serial number" rather than
having to bother with the DN mess. It's pretty easy to automate, just
do a match for the 16- or 20-byte value which begins 15 bytes from the
start of the cert.
