[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Key Escrow Workshop agenda & discussion paper 3
- To: [email protected]
- Subject: Key Escrow Workshop agenda & discussion paper 3
- From: [email protected] (Anonymous)
- Date: Sat, 2 Sep 1995 03:30:07 +0200
- Organization: RePLaY aND CoMPaNY UnLimited
- Sender: [email protected]
- Xcomm: Replay may or may not approve of the content of this posting
- Xcomm: Report misuse of this automated service to <[email protected]>
Key Escrow Workshop agenda & discussion paper 3
September 1, 1995
Dear Participant:
Thank you for agreeing to participate in the two-day
meeting on software key escrow encryption. We are
anxious to work with you and other industry
representatives to facilitate development of exportable
key escrow encryption in software products. I look
forward to the workshop being an important step in that
process.
I have attached a draft agenda for the two days. I
propose that we spend the majority of our time discussing
a set of export criteria. In order to move that
discussion along, a draft set of criteria is attached.
The criteria state, in general terms, the government's
needs with respect to exportable software, consistent
with its law enforcement and national security
requirements. Since it is important that the final
criteria be clear, straightforward, consistent, and
implementable, Mike Nelson of the Office of Science and
Technology Policy will spend a few minutes describing
these criteria on the first morning of the meeting.
After that, we would like to hear your perspectives on
them and work with you to refine them. On the second
day, we plan to discuss the export licensing process for
such products, and begin exploring characteristics of
acceptable key escrow agents.
Again, thank you for your participation. I look forward
to seeing you there.
Sincerely,
/ s /
Raymond G. Kammer
Deputy Director
Attachments
--------------------------------------------------------
TENTATIVE AGENDA
Key Escrow Issues Meeting
September 6-7, 1995
National Institute of Standards and Technology
Gaithersburg, Maryland
Wednesday, September 6, 1995
9:00 Welcome, Agenda Overview, Logistics
Ed Roback, NIST
9:10 Review of Meeting Goals
Ray Kammer, NIST Deputy Director
Session I -- Software Key Escrow Exportability Criteria
9:20 Briefing -- Discussion Draft of Software
Key Escrow Export Criteria
Michael Nelson, Office of Science and
Technology Policy
10:00 Industry Perspectives on Exportability
Criteria
(Industry briefings/reactions 5-10
minutes max.)
10:45 Break
11:00 Industry Perspectives on Exportability
Criteria, continued.
11:45 Discussion of Breakout Session Tasks
At registration, you will be asked to sign
up for a breakout session.
Groups A1, A2: Criterion #2
Groups B1, B2: Criteria #3, 4, 9
Groups C1, C2: Criteria #5, 6
Groups D1, D2: Criteria #7, 8
Criterion #10 is the subject of Session
II, and criterion #1 (64-bit) is
straight-forward.
Breakout room assignments will be
announced at this time.
12:00 Lunch (on own, cafeteria available)
1:00 Breakout session #1
Groups will be asked to:
1) determine whether each criterion is
clear and, if not, propose appropriate
modifications;
2) identify issues (which may arise from
the criteria assigned to the group) which
need to be addressed, and by whom; and
3) develop technical ideas/approaches for
achieving each criterion.
3:00 Break
3:15 Plenary -- Reports from Breakout Session
#1
4:00 Breakout Session #2
Participants will be asked to select
either a technical or criteria-focused
group.
Technical groups are asked to:
1) synthesize the proposed technical
approaches (just presented in plenary) and
identify/discuss the most promising
approaches.
Criteria focused groups are asked to:
1) look at all criteria and the
comments/issues raised and propose ways to
reconcile any differences; and
2) prioritize the issues that remain to
be addressed, if any, for each criterion.
5:00 End of day
Thursday, September 7, 1995
9:00 Plenary -- Reports from Breakout Session
#2
9:45 Export Licensing Process
Randy Williams, U.S. Dept. of Commerce
Dan Cook, U.S. Dept. of State
10:15 Questions / Discussion
10:30 Break
Session II -- Desirable Characteristics for Key Escrow
Agents
10:45 Panel: Government Perspectives on Key
Escrow Agent Issues
Geoff Greiveldinger, U.S. Dept. of Justice
Ray Kammer, NIST
Penny Brummitt, NSA
11:30 Industry Perspectives on K.E. Agent Issues
12:30 Lunch (on own, cafeteria available)
1:30 Breakout Session #3
Each group is asked to identify proposed
key criteria for desirable escrow agents.
Same groups and room assignments as
Breakout session #1.
2:45 Break
3:00 Plenary - Report of Breakout Sessions
Session III -- Other Related Issues
3:30 Other Issues
This is an opportunity for participants to
raise related key escrow issues.
4:30 Follow-up Issues & Wrap-up
4:45 Adjourn
Note: The meeting will be open to the public, although
seating is limited. Advance registration is requested,
please contact Arlene Carlton on 301/975-3240, fax:
301/948-1784 or e-mail: [email protected].
_ _ _
9/1/95
--------------------------------------------------------
Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #3
Export Criteria Discussion Draft -- 64-bit Software Key
Escrow Encryption
As discussed at the SPA/AEA meeting on August 17, 1995,
the Administration is willing to allow the export of
software encryption provided that the products use
algorithms with key space that does not exceed 64 bits
and the key(s) required to decrypt messages/files are
escrowed with approved escrow agents. On the same date,
the September 6-7 key escrow issues meeting at NIST was
also announced. The two principal topics at the meeting
will be: discussion of issues of exportability of 64-bit
software key escrow encryption and 2) desirable
characteristics for key escrow agents.
In order to help make most productive use of the limited
time available at the upcoming meeting and to better
focus deliberation, the following criteria are being
distributed for discussion purposes. Since it is
important that final criteria be clear, straightforward,
consistent, and implementable, please review these draft
criteria and be prepared to discuss how they may be
refined and made more specific.
Draft Export Criteria for Software Key Escrow Encryption
Software key escrow encryption products meeting the
following criteria will be granted special export
licensing treatment similar to that afforded other
mass-market software products with encryption.
1. The product will use an unclassified encryption
algorithm (e.g., DES, RC4) with a key length not to
exceed 64 bits.
2. The product shall be designed to prevent multiple
encryption (e.g., triple-DES).
3. The key required to decrypt each message or file
shall be accessible through a key escrow mechanism
in the product, and such keys will be escrowed
during manufacture in accordance with #10. If such
keys are not escrowed during manufacture, the
product shall be inoperable until the key is
escrowed in accordance with #10.
4. The key escrow mechanism shall be designed to
include with each encrypted message or file, in a
format accessible by authorized entities, the
identity of the key escrow agent(s), and
information sufficient for the escrow agent(s) to
identify the key or key components required to
decrypt that message.
5. The product shall be resistant to any alteration
that would disable or circumvent the key escrow
mechanism, to include being designed so that the
key escrow mechanism cannot be disabled by a static
patch, (i.e., the replacement of a block of code by
a modified block).
6. The product shall not decrypt messages or files
encrypted by non-escrowed products, including
products whose key escrow mechanisms have been
altered or disabled.
7. The key escrow mechanism allows access to a user's
encrypted information regardless of whether that
user is the sender or the intended recipient of the
encrypted information.
8. The key escrow mechanism shall not require repeated
involvement by the escrow agents for the recovery
of multiple decryption keys during the period of
authorized access.
9. In the event any such product is or may be
available in the United States, each production
copy of the software shall either have a unique key
required for decrypting messages or files that is
escrowed in accordance with #10, or have the
capability for its escrow mechanism to be rekeyed
and any new key to be escrowed in accordance with
#10.
10. The product shall accept escrow of its key(s) only
with escrow agents certified by the U.S. Government
or by foreign governments with which the U.S.
Government has formal agreements consistent with
U.S. law enforcement and national security
requirements.
Note: Software products incorporating additional
encryption methods other than key escrow encryption
methods will be evaluated for export on the basis of each
encryption method included, as is already the case with
existing products. Accordingly, these criteria apply only
to the key escrow encryption method incorporated by a
software product, and not to other non-escrowed
encryption methods it may incorporate. For instance,
non-escrowed encryption using a key length of 40 bits
or less will continue to be exportable under existing
export regulations.
- - -
Please also review discussion paper #1 (distributed
earlier), which raises a number of issues involving
exportability criteria and how exportable products could
be designed. Discussion paper #2 (also previously
distributed) presents questions involving key escrow
agents.
Note: These issues will be discussed at the Key Escrow
Issues Meeting to be held September 6-7, 1995 (9:00 a.m.
- 5:00 p.m.) at the National Institute of Standards and
Technology (Gaithersburg, Maryland). The meeting will be
open to the public, although seating is limited. Advance
registration is requested, please contact Arlene Carlton
on 301/975-3240, fax: 301/948-1784 or e-mail:
[email protected].
9/1/95