From: peter honeyman <honey@citi.umich.edu>
Date: Mon, 28 Jun 93 09:06:06 PDT
To: cypherpunks@toad.com
Subject: Geer Zolot White Paper: Clipper Initiative
Message-ID: <9306281606.AA15299@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

Geer Zolot White Paper: Clipper Initiative

On April 16, 1993, the U.S. Government issued a "Public Encryption Management" 
directive, requesting that communications vendors install into their products 
chips that implement a secret algorithm with controversial key-escrow 
facilities. These chips (called "Clipper" and "Capstone") stem from work by 
the NSA (National Security Agency) and its contractors; they implement the 
SKIPJACK algorithm, which is classified SECRET and is therefore not available 
for public review. For more information on the initiative, consult the 
National Institute of Standards and Technology (NIST) Computer Security BBS 
at 301.948.5717 or via Internet ftp to csrc.ncsl.nist.gov in the /pub/nistnews 
directory.

The Government states that one motivation for this initiative is to allow 
authorized wiretapping of encrypted communications by escrowing the keys 
corresponding to individual components. A pair of "entities" (choices not 
announced) will have responsibility for keeping keys secure and releasing 
them only to government officials who have received legal authorization to 
perform a wiretap.

The Government recommends use of the chips instead of already existing 
cryptographic algorithms, such as the secret-key DES algorithm (a Federal 
Information Processing Standard and the basis of Kerberos and other network 
security tools) and the public-key RSA algorithm. Since DES and RSA have been 
subject to public scrutiny, experts have tested and confirmed their strength, 
which has led to their adoption within internationally-agreed networking 
standards; since SKIPJACK is secret and can never receive this scrutiny, it 
is unlikely that it will ever have such acceptance. Further, DES and RSA can 
run in both hardware and software, which satisfies performance and system 
integration requirements; the Government has limited Clipper/Capstone to 
hardware, which restricts the range of systems that may use it.

For now, the Government is recommending that equipment vendors use the chips 
on a voluntary basis; however, some observers regard the initiative as an 
attempt to establish a precedent that could later lead to governmental 
restrictions on the availability and use of open cryptographic systems. This 
could limit innovation in cryptographic technology. Further, user 
organizations could lose control over protecting and managing the keys on 
which their security depends. This summer, the Government plans inter-agency 
discussions of future policies in this area; observers have noted that policy 
development should also reflect private sector interests. Concerns about 
personal privacy raise additional controversy. Significant debate on these 
topics is likely in upcoming months.

Geer Zolot Associates believes that availability of open and exportable 
cryptography serves our clients' interests. Because of this, we are concerned 
about the implications of the "Public Encryption Management" initiative, and 
of its possible chilling effect on development, availability, and use of 
cryptographic technology. 

The initiative raises many issues, including:

      o	If the Government mandates enclosing cryptography in hardware modules, 
	this will surely delay the vital process of enhancing the security of 
	today's distributed computing base--it could even prevent some systems 
	from being secured at all. We want to avoid the prospect of our 
	clients being forced to choose between systems that satisfy their 
	operational needs and other systems containing Government-provided 
	hardware encryption components.

      o	Introducing a requirement for procurement, integration, and use of 
	special-purpose components (which manufacturers must separately handle 
	and program on a per-unit basis) will increase the cost of security 
	integration.

      o	If flaws in the hardware-implemented Clipper/Capstone cryptographic 
	algorithms ever come to light, users of the chips will have been 
	subjected to a data compromise from which no clear recovery path 
	exists. 

      o	It appears that gaining access to a Clipper/Capstone chip's escrowed 
	keys, through whatever means (authorized or unauthorized), may reveal 
	the contents of all its encrypted traffic (past, present, and future). 
	Effectively, this is analogous to binding an unchangeable password 
	into hardware, an undesirable characteristic.

      o	It appears unlikely that international telecommunications users and 
	providers will reach uniform agreement on an encryption technology 
	whose algorithms are known only to the US Government. As a result, the 
	initiative may force companies engaging in international commerce to 
	use and support different encryption systems, depending on the parties 
	involved in the communication. Such a course of action will lead to 
	increased costs in hardware, software, user training, and systems 
	management. 

We invite and encourage you to consider the Government initiative, including 
its impact on your organizations and distributed system security plans, and 
that you submit comments to your representatives. If your business plans rely 
on open cryptographic systems, based on publicly documented algorithms and 
available in hardware or software form, we encourage you to make this clear 
to your representatives. 

If you wish to share any of your comments or observations with us, we would 
welcome them. Further, we are happy to serve as an organizer for assembling 
and coordinating such information. Please indicate whether we may identify 
your organization (specifically or generically) as the information's source.

John Linn & Dan Geer

------- End of Forwarded Message

this is forwarded to the cypherpunks mailing list with dan geer's permission.

		peter