[1133] in cryptography@c2.net mail archive


White House White Paper: Encryption

daemon@ATHENA.MIT.EDU (Donald Weightman)
Tue Jul 1 14:58:31 1997

Date: Tue, 1 Jul 1997 13:12:52 -0400 (EDT)
To: Declan McCullagh <declan@well.com>, cryptography@c2.net
From: Donald Weightman <dweightman@Radix.Net>

Here is what the Administration White Paper on Net commerce released today
(?) says about security and encryption.

==============
     The GII must be secure and reliable. If Internet users do not have
confidence that their communications and data are safe from unauthorized
access or modification, they will be unlikely to use the Internet on a
routine basis for commerce.

     A secure GII requires: 

   1. secure and reliable telecommunications networks;

   2. effective means for protecting the information systems attached to
      those networks;

   3. effective means for authenticating and ensuring confidentiality of
      electronic information to protect data from unauthorized use; and

   4. well trained GII users who understand how to protect their systems
      and their data.

     There is no single "magic" technology or technique that can ensure
that the GII will be secure and reliable. Accomplishing that goal requires
a range of technologies (encryption, authentication, password controls,
firewalls, etc.) and effective, consistent use of those technologies, all
supported globally by trustworthy key and security management
infrastructures.

     Of particular importance is the development of trusted certification
services that support the digital signatures that will permit users to
know whom they are communicating with on the Internet. Both signatures and
confidentiality rely on the use of cryptographic keys. To promote the
growth of a trusted electronic commerce environment, the Administration is
encouraging the development of a voluntary, market-driven key management
infrastructure that will support authentication, integrity, and
confidentiality.

     Encryption products protect the confidentiality of stored data and
electronic communications by making them unreadable without a decryption
key. But strong encryption is a double-edged sword. Law abiding citizens
can use strong encryption to protect their trade secrets and personal
records. But those trade secrets and personal records could be lost
forever if the decrypt key is lost. Depending upon the value of the
information, the loss could be quite substantial. Encryption can also be
used by criminals and terrorists to reduce law enforcement capabilities to
read their communications. Key recovery based encryption can help address
some of these issues.

     In promoting robust security needed for electronic commerce, the
Administration has already taken steps that will enable trust in
encryption and provide the safeguards that users and society will need.
The Administration, in partnership with industry, is taking steps to
promote the development of market-driven standards, public-key management
infrastructure services and key recoverable encryption products.
Additionally, the Administration has liberalized export controls for
commercial encryption products while protecting public safety and national
security interests.

     The Administration is also working with Congress to ensure
legislation is enacted that would facilitate development of voluntary key
management infrastructures and would govern the release of recovery
information to law enforcement officials pursuant to lawful authority.

     The U.S. government will work internationally to promote development
of market-driven key management infrastructure with key recovery.
Specifically, the U.S. has worked closely within the OECD to develop
international guidelines for encryption policies and will continue to
promote the development of policies to provide a predictable and secure
environment for global electronic commerce.

  http://www.iitf.nist.gov/eleccomm/ecomm.htm


cheers

.........................................
Donald Weightman
dweightman@radix.net
