--- begin forwarded text


Date: Fri, 01 Jan 1999 15:05:09 -0500
From: "Kawika Daguio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Triple DES ``standard``?

Folks,

I have been handling the technology policy and risk management issues at
ABA since 1992 and was at the Treasury before that.  I often see odd
reflections of the meetings and policy documents we are involved in and
want to set the record straight.

I can tell you that no one can tell the financial services industry how to
secure its systems.  We talk to everyone, solicit a lot of advice, work
with like-minded and some not so like-minded groups to find solutions that
work for everyone, but no one tells us how to secure our systems.

We have the greatest incentive, the most insight, experience, and the
budgets (financial & other resources, change resources for example) that
put us in the proper position to decide what we need to do.

We appreciate the input of the NSA, NIST, and OMB.
We work with the FBI, NSC and other alphabet soup agencies because we have
interests in common.  These common interests include preventing or stopping
fraud, preventing attacks on our infrastructure.  We may have other
disagreements, but over time (and when we are in the right) our policy
positions prevail.

The battle over crypto (3des and clipper and export issues) has occupied my
time (partially) since 1993.

Previous characterizations of the process lack a recognition of the
complexity of the process and relationships between the parties involved.
Much of the battles that appear to be being fought when looking at the
historical record are dances performed for audiences outside the room and
contradicted by personal communications between the two parties in the room.

When the proper parties (government and industry) work to educate each
other over time, most of the problems and the politics "go away."

After a great deal of work on all sides, we are pleased with the outcome:

The 3des standard is in place;
The AES is moving forward;
The Federal government is adopting our standards;
Export controls are no longer a restriction;
Import controls (in other countries) are being addressed;
Public key crypto and technology is positioned to supplement and in some
places replace DES;
The industry has the foundations of a new policy in place to ensure that
future transitions are smooth and less costly.

I would encourage folks to stay away from looking at the day to day
historical record because it isn't terribly instructive.  The most
important communications that take place in these debates are face to face
or over the telephone where records are not kept.  In addition, the most
aggressive and least representative communications are the ones sent and
preserved on paper.  Lastly, just like sausage making, policy making isn't a
pretty process.

Happy New Year.

Kawika Daguio
speaking for myself, not the American Bankers Association (I am on vacation)

If someone would still like the record of the votes, I will provide it upon
request after I return to the office.

<<< Robert Hettinga <[EMAIL PROTECTED]> 12/30  6:53p >>>

--- begin forwarded text


Reply-To: <[EMAIL PROTECTED]>
From: "Rich Ankney" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, "Digital Bearer Settlement List"
 <[EMAIL PROTECTED]>,
        "Robert Hettinga" <[EMAIL PROTECTED]>
Subject: Re: Triple DES "standard"?
Date: Wed, 30 Dec 1998 09:40:38 -0500
Sender: <[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]?subject=subscribe%20dbs>

<snip>
>       Actually, as I recall the tale, the American Bankers
> Association-sponsored ANSI-accredited X.9 Committee's blessing of DES3 was
> itself pretty interesting.
>
>       I understood that the NSA lobbied bitterly against the X9 effort to
> standardize 3DES as an ANSI standard, insisting that DES would suffice
> until its successor was chosen.
>
>       A couple years ago, when the X9 committee -- or maybe one of the X9
> crypto subcommittees -- rejected that advice and initially recommended that
> 3DES be made a standard, I was told that the NSA rep angrily declared that
> 3DES would _never_ get an export license and would never be shipped
> overseas. (Which may have put a damper on the 3DES standardization
> effort;-)
>
>       Unfortunately, these standards development efforts usually escape
> the media's attention. Anyone on the list active in X9 and can give us the
> real story?
>

I was at the meeting.  This was a meeting of (I think) X9F3, which is a
working group in X9F, which has several working groups doing security.  3DES
was being pushed really hard by the Fed.  The vote was to get a sense of how
much interest there was in a 3DES standard.  (There is no requirement to
have such a vote to work on something; the X9 rules require a new work item
ballot sent to all X9 members.) The NO votes were, IIRC, from NSA (with the
above quote, more or less), IRS, and IRE (a commercial outfit located in
Baltimore).  NIST abstained.  I don't recall the official X9 vote, but it
was along the same lines.  The work was done in a different working group,
X9F1, chaired by the legendary Blake Greenlee.  The standard was published a
few months ago.  Again, the Fed pushed really hard on this; kudos to them.

I'm sure Cindy Fuller of the X9 Secretariat ([EMAIL PROTECTED]) would have
the official X9 ballot results if anyone is interested...

>       Since the birth of X9 in the late 70s, the US National Security
> Agency has its own representative on the X9 Committee.  As one might
> expect, the NSA has traditionally had significant influence over the ANSI
> "F" (crypto) subcommittees and cryptographic standards in financial
> services. There was a time when Ft. Meade effectively dictated those
> standards. Now, that is not necessarily so....
>

>       (After the NSA blundered so badly in trying to force the Banking
> industry to switch from DES to CCEP/Clipper in the late 80s, the Agency's
> mesmerizing control was broken. The initial intro of CCEP/Clipper -- at an
> ABA meeting -- proposed that only US owned institutions could have access to
> Clipper.  At the time, as I recall, maybe 10-15 percent of the US banks
> were foreign owned;-) The bankers couldn't believe that these idiots --
> obviously so ignorant about the workings of the industry they were trying
> to de facto regulate -- were from the NSA of Legend and Lore.)
>

I didn't start attending meetings till the early '90s, but I can certainly
testify that Clipper/Fortezza were pushed really hard.  In fact, X9F1 may
still have open work items on some of this stuff (no work going on, but
it needs a formal vote to remove it from the list).  My major objection was
the attempt to standardize on a particular *product*, which used classified
algorithms, vs. standardizing on a public algorithm which could be
implemented in H/W or S/W.  So X9 ended up with:  3DES instead of Skipjack;
DSA and RSA (and ECDSA real soon now) for signatures; and DH, RSA, and EC
(real soon now) for key management.  It's interesting that our DH standard
seems to have reinvented much of the interesting stuff in KEA.


Regards,
Rich

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




--- end forwarded text


