The NSA continues to discover that financial cryptography is the only
cryptography that matters.
As Whit Diffie has said in the same vein, "InfoWar", whatever *that*
means, will be "fought" between businesses and private individuals,
and not governments. There's little that government crypto/security
agencies can do to assist entities in those conflicts, any more than
post-feudal religion could help much in conflicts between secular
nation-states.
So, in keeping with the spirit of the following article, I propose
that the US Government should follow their apparent instincts here,
privatize the NSA, and take it, heh..., public.
Cheers,
RAH
It's going to happen anyway, of course...
--- begin forwarded text
Mailing-List: contact [EMAIL PROTECTED]
From: "Dan S" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Fri, 22 Oct 1999 07:59:31 -0400
Subject: IP: Super-secret NSA transitioning to commercial services model
>From http://www.fcw.com/pubs/fcw/1999/1018/web-nsa-10-21-99.html
-
OCTOBER 21, 1999 . . . 11:29 EDT
----------------------------------------------------------------------------
----
Super-secret NSA transitioning to commercial services model
BY DIANE FRANK ([EMAIL PROTECTED])
The National Security Agency, the enigmatic signals intelligence arm of the
Defense Department, is breaking away from its traditional role of building
"black boxes" for encrypting highly classified information in favor of
offering security and certification services similar to those in commercial
industry.
Mike Jacobs, deputy director of information systems at NSA, said that while
the agency "will always have a traditional portion of our business building
'black boxes' . . . we are an organization in transition."
The agency increasingly is offering security assessment, testing, red teams
and diagnostics services to other Defense and civilian agencies, Jacobs said
Wednesday at the National Information Systems Security Conference. "This is
the growth area [and a] burgeoning new business," he said.
Rather than doing all the testing and validation of its own products for
itself, NSA will be relying on the National Information Assurance
Partnership (NIAP), a joint validation effort between NSA and the National
Institute of Standards and Technology.
In the past, NSA endorsed security products and procedures, and encouraged
their use by assuring members of the Defense and intelligence community that
such products would be "bulletproof" solutions, said Lou Giles, a member of
the NIAP from NSA.
Now, instead of products receiving NSA's endorsement, agencies will have to
bring their protection profiles -- the description of their information
environment and security needs -- to NSA, which will then certify that
process as one that meets certain NSA-approved security standards. NSA also
will evaluate and certify proposals from vendors.
"The customer still wants that NSA endorsement, Giles said. "But this is a
new philosophical paradigm of evaluation for commercial products that we're
moving to."
--
Dan S
------------------------------------------------------------------------
-
To subscribe, send email to: [EMAIL PROTECTED]
To unsubsubscribe, send email to: [EMAIL PROTECTED]
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
