Re: Chinese WAPI protocol?

2006-06-14 Thread Steven M. Bellovin 
On Wed, 14 Jun 2006 12:33:46 -0700, Ben Pfaff <[EMAIL PROTECTED]> wrote:

> David Wagner <[EMAIL PROTECTED]> writes:
> 
> > The specification is secret and confidential.  It uses the SMS4
> > block cipher, which is secret and patented. [*]
> 
> "Secret" and "patented" are mutually exclusive.

Perhaps not.  The Clipper chip may have been patented -- see
http://catless.ncl.ac.uk/Risks/15.48.html#subj1 for details.

I also don't know what Chinese law is on the subject.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Chinese WAPI protocol?

2006-06-14 Thread leichter_jerrold 
| > The specification is secret and confidential.  It uses the SMS4
| > block cipher, which is secret and patented. [*]
| 
| "Secret" and "patented" are mutually exclusive.
Actually, they are not.  There is a special provision in the law under
which something submitted to the patent office can be declared secret.
You as the inventor are then no longer allowed to talk about it.  I think
you are granted the patent, but it cannot be published.

This provision has been applied in the past - we know about it because
the secrecy order was later (years later) lifted.  I don't believe
there is any way for someone on the outside to know how many patents
may have tripped over this provision.

Needless to say, this is a disaster for you if you are the patent
applicant and want to sell your product.  But there isn't much of
anything you can do about it.  I'm not sure what happens to the term
of a patent "hidden" in this way.

The above description is of US law.  It's likely that similar provisions
exist in other countries.
-- Jerry


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Chinese WAPI protocol?

2006-06-14 Thread Mike Owen 

On 6/14/06, Ben Pfaff <[EMAIL PROTECTED]> wrote:

David Wagner <[EMAIL PROTECTED]> writes:

> The specification is secret and confidential.  It uses the SMS4
> block cipher, which is secret and patented. [*]

"Secret" and "patented" are mutually exclusive.
--
Ben Pfaff


For the uspto, yes. For sipo, not necessarily.

Back on topic, for the original fast track proposal, and then the
Chinese followup to the rejection, see the following two links

Proposal
https://committees.standards.org.au/COMMITTEES/I-000/X0001/JTC001-N-7904.pdf

Follow up
http://wapi.org.cn/doc/Analysis%20and%20Rejection%20of%20WAPI%20Ballot%20Comments.pdf



Mike

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Chinese WAPI protocol?

2006-06-14 Thread Ben Pfaff 
David Wagner <[EMAIL PROTECTED]> writes:

> The specification is secret and confidential.  It uses the SMS4
> block cipher, which is secret and patented. [*]

"Secret" and "patented" are mutually exclusive.
-- 
Ben Pfaff 
email: [EMAIL PROTECTED]
web: http://benpfaff.org


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Chinese WAPI protocol?

2006-06-14 Thread Eastlake III Donald-LDE008 
OK, after various queries I figured out that the page has moved and I
was being screwed up by cached data or something. The correct URL for
the 802.11 time lines web page is

http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm

Sorry,
Donald

-Original Message-
From: pat hache [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 13, 2006 8:06 PM
To: Eastlake III Donald-LDE008
Cc: cryptography@metzdowd.com
Subject: Re: Chinese WAPI protocol?

no problem , Don
probably my mac woudn t see such page... (!?!!?) Pat (Mexico)

On 13 juin 06, at 18:40, Eastlake III Donald-LDE008 wrote:

The page is certainly supposed to be there... I've sent off some queries
and in the mean time attached it.

Sorry,
Donald


Donald
Hi ...

just to check your ref.
Pat.
//
Sorry, but the page you have requested
http://grouper.ieee.org/groups/802/11/802.11_Timelines.htm
does not exist on this site.

You may want to type in a description of what you were looking for at
our search engine.

This software is maintained by IEEE Standards Systems/Network Staff.
<802_11 Timelines.htm>


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

NIST recommendations for PRNGs

2006-06-14 Thread Perry E. Metzger 

via Bruce Schneier's blog:

http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG_June2006.pdf

-- 
Perry E. Metzger[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: report on security risks of applying CALEA to VoIP

2006-06-14 Thread pat hache 

just received from IP
cheers

From: Susan Landau <[EMAIL PROTECTED]>
Date: June 13, 2006 10:35:37 AM EDT
To: [EMAIL PROTECTED]
Subject: report on security risks of applying CALEA to VoIP

Tuesday  13 June 2006  at 10:35

Below you'll find an executive summary of "Security Implications of
Applying the Communications Assistance for Law Enforcement Act to Voice
over IP," by Steve Bellovin, Matt Blaze, Ernie Brickell, Clint Brooks, 
Vint

Cerf, Whit Diffie, Susan Landau, Jon Peterson, John Treichler.

The full report is at: 
http://www.itaa.org/news/docs/CALEAVOIPreport.pdf.


Susan



Security Implications of Applying the Communications Assistance to Law
Enforcement Act to Voice over IP

  Steven Bellovin, Columbia University
  Matt Blaze,  University of Pennsylvania
  Ernest Brickell, Intel Corporation
  Clinton Brooks, NSA (retired)
  Vinton Cerf, Google
  Whitfield Diffie, Sun Microsystems
  Susan Landau, Sun Microsystems
  Jon Peterson, NeuStar
  John Treichler, Applied Signal Technology


Executive Summary

For many people, Voice over Internet Protocol (VoIP) looks like a nimble
way of using a computer to make phone calls.  Download the software, 
pick

an identifier and then wherever there is an Internet connection, you can
make a phone call.  From this perspective, it makes perfect sense that
anything that can be done with a telephone, including the graceful
accommodation of wiretapping, should be able to be done readily with 
VoIP

as well.

The FCC has issued an order for all ``interconnected'' and all broadband
access VoIP services to comply with Communications Assistance for Law
Enforcement Act (CALEA) --- without specific regulations on what 
compliance
would mean.  The FBI has suggested that CALEA should apply to all forms 
of

VoIP, regardless of the technology involved in the VoIP implementation.

Intercept against a VoIP call made from a fixed location with a fixed IP
address directly to a big internet provider's access router is 
equivalent
to wiretapping a normal phone call, and classical PSTN-style CALEA 
concepts

can be applied directly. In fact, these intercept capabilities can be
exactly the same in the VoIP case if the ISP properly secures its
infrastructure and wiretap control process as the PSTN's central offices
are assumed to do.

However, the network architectures of the Internet and the Public 
Switched
Telephone Network (PSTN) are substantially different, and these 
differences

lead to security risks in applying the CALEA to VoIP.  VoIP, like most
Internet communications, are communications for a mobile environment.  
The
feasibility of applying CALEA to more decentralized VoIP services is 
quite

problematic.  Neither the manageability of such a wiretapping regime nor
whether it can be made secure against subversion seem clear.  The real
danger is that a CALEA-type regimen is likely to introduce serious
vulnerabilities through its ``architected security breach.''

Potential problems include the difficulty of determining where the 
traffic

is coming from (the VoIP provider enables the connection but may not
provide the services for the actual conversation), the difficulty of
ensuring safe transport of the signals to the law-enforcement facility, 
the
risk of introducing new vulnerabilities into Internet communications, 
and
the difficulty of ensuring proper minimization.  VOIP implementations 
vary
substantially across the Internet making it impossible to implement 
CALEA

uniformly.  Mobility and the ease of creating new identities on the
Internet exacerbate the problem.

Building a comprehensive VoIP intercept capability into the Internet
appears to require the cooperation of a very large portion of the 
routing

infrastructure, and the fact that packets are carrying voice is largely
irrelevant.  Indeed, most of the provisions of the wiretap law do not
distinguish among different types of electronic communications.  
Currently
the FBI is focused on applying CALEA's design mandates to VoIP, but 
there

is nothing in wiretapping law that would argue against the extension of
intercept design mandates to all types of Internet communications.  
Indeed,
the changes necessary to meet CALEA requirements for VoIP would likely 
have

to be implemented in a way that covered all forms of Internet
communication.

In order to extend authorized interception much beyond the easy 
scenario,

it is necessary either to eliminate the flexibility that Internet
communications allow, or else introduce serious security risks to 
domestic
VoIP implementations.  The former would have significant negative 
effects

on U.S. ability to innovate, while the latter is simply dangerous.  The
current FBI and FCC direction on CALEA applied to VoIP carries great 
risks.




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]