[1248] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (Kent Crispin)
Fri Jul 25 15:30:38 1997
Date: Fri, 25 Jul 1997 11:32:26 -0700
From: Kent Crispin <kent@songbird.com>
To: cryptography@c2.net
On Fri, Jul 25, 1997 at 12:07:40PM -0500, Vin McLellan wrote:
[...]
>
> Until fairly recently, IMHO, NSA was so fixated on GAKing the
> confidentiality inherent in PKI that they failed to realize that commercial
> operations (including maybe 60-70 percent of DoD, and 95 percent of the
> federal government) are far more eagerly awaiting the administrative
> efficiencies they see in other aspects of the digital signature
> (authentication, non-repudiation.) The spooks worry about whispered
> secrets; the quartermaster (and the rest of the federal government) are
> excited about PKI-based EDI, contracts, orders, other administrative
> mainstays online. And to gain the commercial and administrative benefits
> of PKI, the government agencies need to be able to interact, authenticate,
> and validate messages from outside the NSA's Fortezza ghetto, where the
> rest of the world has standardized on RSA-based PKI. When Sandia or the
> Forestry Service needs toilet paper or paper clips, they want to be able
> send an authenticated PO to someone besides Ft. Meade.
This is THE important point, IMO. It is mundane commerce that is the
real force to reckon with in all the crypto debates. To the extent
that business wants key recovery mechanisms, there will be key
recovery mechanisms. The US gov may be able to bend things somewhat,
but the bottom line is the needs of commerce are what will drive things.
> The whole point of a hierarchtical national PKI is open and random
> interoperability. If point to point interaction is the goal, better to
> just pass out PGP and let everyone set up their own secure enclaves with
> independent key servers, and ignore the possibilities and problems of X509
> certs.
These two models are not mutually exclusive, of course. In the
international arena things are considerably more complex.
[...]
> Still, Fortezza soaked up a lot of money and ego. It is currently
> a major embarrassment, but there are powerful players eager to salvage it,
> if at all possible. It will never be the national PKI the spooks dreamed
> of -- but it may survive if Skipjack is declassified and the RSA-based
> "outside world" can intereact with it. Odd, to see the US government
> locked into the weaker (80-bit Skipjack) crypto, while world commerce locks
> on 128-bit symmetric security. Gives one pause. Agendas come in layers in
> US crypto politics, like the layers of an onion. All us paranoids ask:
> What's the next layer down?
A vacuum, probably.
DOE is working on a department wide PK policy. The early thoughts
only concerned TTP models with escrowed keys being mandatory. But the
technology already in use makes that untenable -- CIAC security
advisories, for example, are signed with PGP, for obvious good
reasons. SSH is in wide use by sys admins across DOE. Kerberos 5.0,
I understand has optional PK support, and is in use in various
facilities across the DOE complex. People are already using SSL with
their browsers and web servers, for all kinds of things. Other lower
level protocols that use PK technology are in development or in use.
It is now understood that a DOE wide policy has to address these
realities...
Policy makers, by inclination, are typically not technically oriented,
and by necessity operate by reflex when they deal with things they
don't understand. Reflexes are always very conservative and
protective, so that is always the initial position you see.
Incidentally, Vin, from what little I am able to see, your analysis
is spot on.
--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
