[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft, Master-Keys, and DMS
Perry writes:
> As I've noted, according to a reliable source, Microsoft is a vendor
> of software for DMS, so although its not part of the products Merriman
> is mentioning, there are key escrow features in some software being
> delivered by Microsoft.
I've heard on the net that the Defense Messaging System (DMS) will be using Tessera cards,
but I really don't understand how they could use a key-escrow* system for classified data,
which is what the DMS is designed to carry. After all, that would mean that the
classified data would be accessible to people without a direct need to know,
which is non-kosher.
At minimum, the master key for each card would have to be classified at the
maximum level the card is authorized for (non-surprising), and the Key Generating Bureau's
Family keys would have to be classified at the maximum level *any* cards using it
are authorized for (or different family keys for each level, I suppose, which has the
added benefit of making different-level cards non-interoperable.) But making that
data classified means that classified data needs to be stored on the card,
which either means handling it as classified material (awkward), or putting *lots* of trust in
the chip's tamperproofnesss (doubtful).
Alternatively, there may be some way to get Tessera cards to do Skipjack encryption
without sending the wiretap block at the beginning of the conversation,
either by simply not doing it, or by superencrypting that block for transmission
(which is the classic Clipperphone hack known since the beginning.)
Bill