[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Geer Zolot White Paper: Clipper Initiative
------- Forwarded Message
Geer Zolot White Paper: Clipper Initiative
On April 16, 1993, the U.S. Government issued a "Public Encryption Management"
directive, requesting that communications vendors install into their products
chips that implement a secret algorithm with controversial key-escrow
facilities. These chips (called "Clipper" and "Capstone") stem from work by
the NSA (National Security Agency) and its contractors; they implement the
SKIPJACK algorithm, which is classified SECRET and is therefore not available
for public review. For more information on the initiative, consult the
National Institute of Standards and Technology (NIST) Computer Security BBS
at 301.948.5717 or via Internet ftp to csrc.ncsl.nist.gov in the /pub/nistnews
directory.
The Government states that one motivation for this initiative is to allow
authorized wiretapping of encrypted communications by escrowing the keys
corresponding to individual components. A pair of "entities" (choices not
announced) will have responsibility for keeping keys secure and releasing
them only to government officials who have received legal authorization to
perform a wiretap.
The Government recommends use of the chips instead of already existing
cryptographic algorithms, such as the secret-key DES algorithm (a Federal
Information Processing Standard and the basis of Kerberos and other network
security tools) and the public-key RSA algorithm. Since DES and RSA have been
subject to public scrutiny, experts have tested and confirmed their strength,
which has led to their adoption within internationally-agreed networking
standards; since SKIPJACK is secret and can never receive this scrutiny, it
is unlikely that it will ever have such acceptance. Further, DES and RSA can
run in both hardware and software, which satisfies performance and system
integration requirements; the Government has limited Clipper/Capstone to
hardware, which restricts the range of systems that may use it.
For now, the Government is recommending that equipment vendors use the chips
on a voluntary basis; however, some observers regard the initiative as an
attempt to establish a precedent that could later lead to governmental
restrictions on the availability and use of open cryptographic systems. This
could limit innovation in cryptographic technology. Further, user
organizations could lose control over protecting and managing the keys on
which their security depends. This summer, the Government plans inter-agency
discussions of future policies in this area; observers have noted that policy
development should also reflect private sector interests. Concerns about
personal privacy raise additional controversy. Significant debate on these
topics is likely in upcoming months.
Geer Zolot Associates believes that availability of open and exportable
cryptography serves our clients' interests. Because of this, we are concerned
about the implications of the "Public Encryption Management" initiative, and
of its possible chilling effect on development, availability, and use of
cryptographic technology.
The initiative raises many issues, including:
o If the Government mandates enclosing cryptography in hardware modules,
this will surely delay the vital process of enhancing the security of
today's distributed computing base--it could even prevent some systems
from being secured at all. We want to avoid the prospect of our
clients being forced to choose between systems that satisfy their
operational needs and other systems containing Government-provided
hardware encryption components.
o Introducing a requirement for procurement, integration, and use of
special-purpose components (which manufacturers must separately handle
and program on a per-unit basis) will increase the cost of security
integration.
o If flaws in the hardware-implemented Clipper/Capstone cryptographic
algorithms ever come to light, users of the chips will have been
subjected to a data compromise from which no clear recovery path
exists.
o It appears that gaining access to a Clipper/Capstone chip's escrowed
keys, through whatever means (authorized or unauthorized), may reveal
the contents of all its encrypted traffic (past, present, and future).
Effectively, this is analogous to binding an unchangeable password
into hardware, an undesirable characteristic.
o It appears unlikely that international telecommunications users and
providers will reach uniform agreement on an encryption technology
whose algorithms are known only to the US Government. As a result, the
initiative may force companies engaging in international commerce to
use and support different encryption systems, depending on the parties
involved in the communication. Such a course of action will lead to
increased costs in hardware, software, user training, and systems
management.
We invite and encourage you to consider the Government initiative, including
its impact on your organizations and distributed system security plans, and
that you submit comments to your representatives. If your business plans rely
on open cryptographic systems, based on publicly documented algorithms and
available in hardware or software form, we encourage you to make this clear
to your representatives.
If you wish to share any of your comments or observations with us, we would
welcome them. Further, we are happy to serve as an organizer for assembling
and coordinating such information. Please indicate whether we may identify
your organization (specifically or generically) as the information's source.
John Linn & Dan Geer
------- End of Forwarded Message
this is forwarded to the cypherpunks mailing list with dan geer's permission.
peter