In message <[EMAIL PROTECTED]>, Steve Reid writes:
> On Wed, Oct 13, 1999 at 03:08:49PM -0400, Steven M. Bellovin wrote:
> > But it's also clear that folks who manufacture this gear for sale in
> > the U.S. market are going to have to support CALEA, which in turn
> > means that someone is going to have to standardize the interface --
> > the FBI regulations at the least strongly urge that
> > industry-standard protocols be used for such things.
>
> I'm no lawyer, so I'm probably going out on a limb here, but I don't
> think CALEA can apply to encryption.
>
> If you use a 3DES-encrypted phone over a CALEA-compliant carrier it
> doesn't invalidate the carrier's CALEA compliance. The LEAs still have
> access to the communications, just not to the plaintext. So in practice
> CALEA does not guarantee access to plaintext.
Yes and no. Yes, you're quite correct that CALEA doesn't bar 3DES. *However*
-- where the key comes from matters a lot. If the carrier participates in the
key exchange -- say, by acting as the KDC -- then it has to make available
either that key or the plaintext of the call.

If, on the other hand, the end systems do the key management themselves, say
via PGPphone, Starium, or STU-III -- then the telephone company is off the
hook.

In other words -- CALEA obligates carriers to provide their piece of the
conversation; end-user stuff isn't covered.

And no, I'm not a lawyer, either, but I have to worry about some of this stuff
for my day job.

--Steve Bellovin