[4731] in cryptography@c2.net mail archive
Re: Fortezza LEAF suppression
daemon@ATHENA.MIT.EDU (EKR)
Mon May 17 16:51:30 1999
To: pgut001@cs.auckland.ac.nz
Cc: cryptography@c2.net
From: EKR <ekr@rtfm.com>
Date: 17 May 1999 12:03:04 -0700
In-Reply-To: pgut001@cs.auckland.ac.nz's message of "Tue, 18 May 1999 06:03:13 (NZST)"
pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
> Does anyone know how the enabling of Fortezza LEAF suppression works? Since you
> have to return the cards to the vendor so the LEAF suppression feature can be
> added, it looks like there's an uploadable firmware patch available which would
> turn off the GAK on any Fortezza card. I'd guess it's done via a signed upload
> of new firmware to the card, but the fact that such a capability even exists,
> and appears to work back to the very first cards (one of the vendor docs even
> states that "the suppression of the LEAF has been rather easy"), is interesting.
> Had Clipper/whatever taken off, it would have been a simple matter to disable
> GAK in the government versions and leave the GAK'd ones for the masses.
FORTEZZA cards have always had uploadable firmware. As far as I know,
it was mainly intended for upgrade purposes, not LEAF removal.
As you indicate, the firmware needs to be signed.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
