[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board



Harry identified several names on the CLIPPER list, including:
>mcnulty@ecf = F. Lynn McNulty an associate director for computer
>security at the National Institute of Standards and Technology's
>Computer Systems Laboratory

At this Fall's National Computer Security Conference, Mr. McNulty
was a speaker on the NIST's digital signature session. They talked about
both the non-RSA DSS, and use of Certifying Authorities with a RSA-based
scheme.

At that same conference, I gave a paper on security that described
a fishnet of trust between systems. This was written in February 92,
well before I read Phil's "web of trust" from the PGP docs, which I
read sometime over the summer.

During the Q&A, I asked Mr NcNulty to compare the advantages and
disadvantages of a heirarchical CA approach to an interlocking fishnet/web
of trust. I hoped he would at least recognize that any heirarchy has
problems from the top down if an upper level is compromised. Instead,
he could not address any differences. I believe that working in the
government has made the hierarchy seem to be the only implementation that
he envisioned. He fobbed the question off to one of his technical
underlings, but he, too, was unable to answer it (or even coherently
address it).

I believed then (and still do) that the closed loop process used
by NIST and the TLAs has caused them to overlook a number of promissing
alternatives. This means that we crypto-provacy advocates must start an
education effort.

Pat