[2622] in cryptography@c2.net mail archive
Re: Director of Central Intelligence on Trust
daemon@ATHENA.MIT.EDU (David Koontz)
Fri May 1 17:41:33 1998
Date: Fri, 1 May 1998 11:26:23 -0700
From: koontz@netapp.com (David Koontz)
To: cme@acm.org, die@die.com, koontz@netapp.com, reinhold@world.std.com
Cc: cryptography@c2.net
>> Does anybody know whether the KOV-14 actually implements key
>>escrow such that a third party with access to all the private key
>>components supplied by NSA could intercept the contents of a secure call ?
>From having read a lot of Type I chip specs as well as those for the
clipper chips, The LEAF mechanism is borrowed from the ability to transmit
encrypted keys.
Historically, Type I encryption operates with purely centrallized key
distribution eliminating the need for key escrow. Daily and session
keys are generated in some equipments from a monthly key generating
key. The process could be expected to reduce the domain of possible
keys.
Even with Over The Air Re-keying, and pre-supposing intercept of
all traffic, the centrallized key authority could recover keys.
On the otherhand, the government is starting to use so much crypto
that they are ceding key generation to field authorities, especially
for tactial/theater use. Another driving pressure is the requirement
to remove the human-weak-link to security. The Air Force for instance
requires no-lone-zone handling of Top Secret keying material except
in tactical situations.
Just to add a little clarity, the Fortezza Plus card for type I
crypto includes an embedded type I chip. The security perimeter
for unencrypted keys is guaranteed to reside solely on that chip.
The chip will also not except keys without a valid cryptographic
checksum, which prevents you from doing unauthorized type I
encryption.
There is no guarantee that SDNS implementations using SKIPJACK
and clipper chips actually do key escrow. The bottom line is
that Fortezza got certified for upto Secret and the Krypton goes
to Top Secret.
A large part of that has to do with role and identity certification.
