Hi Paul,
You left out one option: that Tony Rutkowski was misquoted
by the Times.
I checked with Tony, and this is, in fact, what happened.
Here is his
full response:
------------------------------------------------------------
------------
------------
Since the external security lists seem to be buzzing with
discourse
about Phil Zimmerman's VoIP encryption product as covered
by John
Markoff in the NY times on Monday, and my quote about German
capabilities to decrypt, let me explain the context and what
was
actually said.
John (who I've known for several decades) called my
cellphone Sunday
morning and said he was writing an article on Zimmerman's
software and
his making it available, and asked from a CALEA standpoint,
whether this
was covered. I explained that the recent FCC CALEA orders
on VoIP
presently exempted P2P VoIP, so that Zimmerman's product
was outside the
requirements. In multiple roles, including formal filings
and legal
forums, I deal with this subject all the time.
I also mentioned, however, that CALEA requirements exist
worldwide, and
that German officials at a recent Cyprus standards
conference on lawful
interception had stated that they "have a Skype
solution." I explained
to John that most other countries have far more extensive
CALEA like
requirements, and that Germany among others were likely to
impose their
"solutions."
In the article that was published, my domestic coverage
explanation was
attributed to someone else, and my "German
solution" explanation was
morphed into a statement that they can decrypt Skype
content. The
context of the actual discussion, however, was regulatory
requirements.
Whether the German government can or cannot decrypt Skype
content is not
known, and indeed the details of their regulatory
requirements are also
unknown.
--tony
-----Original Message-----
From: owner-cryptography metzdowd.com
[mailto:owner-cryptographymetzdowd.com] On Behalf Of
Paul Hoffman
Sent: Monday, May 22, 2006 8:19 AM
To: Steven M. Bellovin; cryptographymetzdowd.com
Subject: Re: Phil Zimmerman and voice encryption; a Skype
problem?
At 10:19 AM -0400 5/22/06, Steven M. Bellovin wrote:
>There's an article in today's NY Times (for
subscribers, it's at
>http://www.nytimes.com/2006/05/22/tec
hnology/22privacy.html?_r=1&oref=s
>login ) on whether Phil Zimmerman's Zfone -- an
encrypted VoIP package
>-- will invite government scrutiny. There doesn't seem
to be any
>imminent threat in the U.S.; the one concrete example
mentioned -- the
>British plan to give police the power to compel
individuals to disclose
>keys -- doesn't threaten Zfone, because it uses
Diffie-Hellman for
>(among other things) perfect forward secrecy and
doesn't even have any
>long-term keys. (See draft-zimmermann-avt-zrtp-01.txt
for protocol
>details.)
>
>The fascinating thing, though, was this sentence near
the end of the
>article:
>
> But at a conference last week in Cyprus, German
officials said
> they had technology for intercepting and decrypting
Skype phone
> calls, according to Anthony M. Rutkowski, vice
president for
> regulatory affairs and standards for VeriSign, a
company that
> offers security for Internet and phone operations.
>
>The Berson report says that Skype uses AES-256. NSA
rates that as
>suitable for Top Secret traffic, so it's presumably not
the cipher.
>Berson analyzed a number of other possible attack
scenarios; the only
>one that seems to be possible is an active attack plus
forged
certificates.
>If Berson's analysis was correct -- and we all know how
hard it is to
>verify cryptographic protocols -- that leaves open the
possibility of a
>protocol change that implemented some sort of
Clipper-like
functionality.
Please don't forget that the VeriSign spokesperson may be
mistaken, or
purposely lying (possibly in order to drum up business for
the company).
Neither would be a first for VeriSign.
--Paul Hoffman, Director
--VPN Consortium
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to
majordomometzdowd.com
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
|