[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Key Escrow Papers



   We have scanned several of the handouts at the NIST Key
   Escrow Issues Meeting of September 6 (not present Sept 7).

   Perhaps someone, Pat Farrell or another, would be willing
   to make them available on a homepage or ftp site. If so we
   will send them over. If nobody volunteers we will send them
   by our puny e-mail contraption. Here's what we have ready
   to send:


   1. The outlines of meeting topics of Raymond Kammer of NIST
      and Michael Nelson of the White House. (7kb)


   2. Discussion Paper No. 4, "Example Potential Solutions for
      the Draft Export Criteria for Software Key Escrow
      Encryption," which offers example solutions for each of
      the ten criteria. (7kb)


   3. The Business Software Alliance's dissenting blast at the
      government's key escrow proposal and export limit. This
      paper was loudly applauded. (19kb)


   4. Trusted Informations Systems's "Thoughts on the NIST
      Escrow Issues Meeting Discussion Papers." (27kb in 2
      parts)


   5. TECSEC Incorporated's "Private Escrow Key Management: A
      Method and its Issues." (13kb)


   6. Dorothy Denning's "Comments on Draft Criteria for
      Software Key Escrow Exportability" and "Comments on
      Issues for Key Escrow Agents." (8kb)


   Two other papers will be scanned later:


   7. National Semiconductor's "Commercial Cryptography Ideas
      for Success" (9 pp. of large type) This contains
      graphics of the CAKE program and a "Proposed NIST Escrow
      Certificate Heirarchy" which cannot be easily
      distributed by us, so we offer this by fax.


   8. TECSEC's "The Merger of Technology and Cryptographic Key
      Management" (6 pp.).


   Note 1: It was Michael Nelson of the White House who said
   that the reason to maintain the 64-bit limit for export was
   because the key escrow methodology had not yet been proven
   reliable and that the security agencies insisted on the
   relatively weak system in case key escrow failed.


   Note 2: At the B-2 breakout session there was strong debate
   on a proposal for a "Criteria Zero":

      Before addressing any of the details of Criteria 3, 4
      and 9 as presented to us, Group B-2 registers its view
      that export under general license of strong encryption
      should not require key escrow.

   A vote on the proposal was 7 yes, 7 no and 13 absentions.
   It was not reported to the plenary session.