From: “Pat Farrell” <pfarrell@cs.gmu.edu>
To: cypherpunks@toad.com
Message Hash: 8ab5e722205c0002ac0ae41460034d19d0231e6bb8898ff30b7714a7cc68a7a1
Message ID: <40485.pfarrell@cs.gmu.edu>
Reply To: N/A
UTC Datetime: 1993-04-18 15:14:40 UTC
Raw Date: Sun, 18 Apr 93 08:14:40 PDT
From: "Pat Farrell" <pfarrell@cs.gmu.edu>
Date: Sun, 18 Apr 93 08:14:40 PDT
To: cypherpunks@toad.com
Subject: Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board
Message-ID: <40485.pfarrell@cs.gmu.edu>
MIME-Version: 1.0
Content-Type: text/plain
Harry identified several names on the CLIPPER list, including:
>mcnulty@ecf = F. Lynn McNulty an associate director for computer
>security at the National Institute of Standards and Technology's
>Computer Systems Laboratory
At this Fall's National Computer Security Conference, Mr. McNulty
was a speaker on the NIST's digital signature session. They talked about
both the non-RSA DSS, and use of Certifying Authorities with a RSA-based
scheme.
At that same conference, I gave a paper on security that described
a fishnet of trust between systems. This was written in February 92,
well before I read Phil's "web of trust" from the PGP docs, which I
read sometime over the summer.
During the Q&A, I asked Mr NcNulty to compare the advantages and
disadvantages of a heirarchical CA approach to an interlocking fishnet/web
of trust. I hoped he would at least recognize that any heirarchy has
problems from the top down if an upper level is compromised. Instead,
he could not address any differences. I believe that working in the
government has made the hierarchy seem to be the only implementation that
he envisioned. He fobbed the question off to one of his technical
underlings, but he, too, was unable to answer it (or even coherently
address it).
I believed then (and still do) that the closed loop process used
by NIST and the TLAs has caused them to overlook a number of promissing
alternatives. This means that we crypto-provacy advocates must start an
education effort.
Pat
Return to April 1993
Return to ““Pat Farrell” <pfarrell@cs.gmu.edu>”
1993-04-18 (Sun, 18 Apr 93 08:14:40 PDT) - Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board - “Pat Farrell” <pfarrell@cs.gmu.edu>