From: fudman <fudman@nist.gov>
Date: Wed, 25 Jun 1997 15:06:00 +0800
To: cypherpunks@Algebra.COM
Subject: tacdfipsfkmi: What the gov't wants
Message-ID: <33B0C020.4035@nist.gov>
MIME-Version: 1.0
Content-Type: text/plain



What the government wants in a key recovery system.
And, ummm: doesn't Benaloh work for Microsoft?

>From ...
        Minutes of the February 19-20, 1997 Meeting of the 
                   Technical Advisory Committee 
       to Develop a Federal Information Processing Standard 
           for the Federal Key Management Infrastructure



2.      Security Models working group chaired by Dr. Brickell. Dr.
Benaloh was
asked to give their report in Dr. Brickell's absence. Dr. Benaloh said
that
there was a good deal of overlap between the requirements and framework
groups and they are trying to separate the two.  
!!!!!!!!!!!!!!!!!
He stated that from what
the agencies presented, they are looking for a flexible mandatory
standard,
covering both stored and transmitted data, for commercially available
off-the-shelf products.  
!!!!!!!!!!!!!!!!!

A major issue noted was the matter of flexibility.
The standard must be broad enough to allow products to be developed by
anyone.  The scope of this working group was stated by Mr. Chokhani as
identifying things such as key recovery agents, TTPs, two entity
systems,
integrity, authorization of keys, confidentiality of information, and
accountability, especially of key recovery agents.