1993-09-29 - Orange book, the NSA, and the NCSC

Header Data

From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: a864065841b2ec0f58216204e3bae286f4806544c35d39cae6218394868e46c6
Message ID: <9309290510.AA26874@longs.lance.colostate.edu>
Reply To: <9309241531.AA13351@jazz.hal.com>
UTC Datetime: 1993-09-29 05:11:38 UTC
Raw Date: Tue, 28 Sep 93 22:11:38 PDT

Raw message

From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Tue, 28 Sep 93 22:11:38 PDT
To: cypherpunks@toad.com
Subject: Orange book, the NSA, and the NCSC
In-Reply-To: <9309241531.AA13351@jazz.hal.com>
Message-ID: <9309290510.AA26874@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Jason Zions <jazz@hal.com> posted a clarification on a
misunderstanding that the Orange book has anything to do with
cryptographic algorithms, pointing out that it deals only with higher
level security issues.

However, his strong claim that the NSA is not involved with these
criteria whatsoever appears to be complete fantasy, as T. Newsham
pointed out, also indicating that the NCSC (Nat'l Center for Security &
Communications?) which ``came out with the original Trusted Criterion
rainbow books including the orange book'' is apparently just another
ugly NSA protrusion. In fact, I can remember people posting suggestions
when I first joined the list (a seeming eternity ago) that the NCSC is
*entirely* a front agency for the NSA, with no independent operation
whatsoever--supposedly essentially nothing but a reception office and a secretary.

I'm willing to accept that the Orange book doesn't specifically address
cryptography, and I appreciate the clarifications on something that is
one of the deepest, most complex, and most obscure military handbooks, which
frankly I take some pride and relief in having very little knowledge
of, but I'm writing to correct another serious error in the original post:

>NSA is uninterested in making systems secure; their job is to
>break them anyway.

This is simply entirely incorrect. A *very* major aspect of the NSA
function, ever since its inception, involves the *creation* of secure
cryptographic algorithms and equipment. Skipjack is simply the first
`commercial' version ever introduced of a cryptographic algorithm. They
have supported virtually all branches of the U.S. military in the
code-making function. They are directly responsible for most encryption
schemes and devices used in military radio communication (tanks,
airplanes, ships, etc.). I understand the NSA even sells cryptographic
equipment to some countries (U.S. allies) making sure it can be
intercepted and decrypted -- this from claims of one of the `defectors'
of the agency, I believe. Bamford describes it all in _Puzzle_Palace_.

In fact, I've often stated the following position on the NSA, which
highlights its past dual role and future legitimate one: Since ``the
cold war is over'', if they are to exist at all, they should focus
their energy on something *constructive* like algorithm development and
not something *destructive* like its sinister vacuum-cleaner
intelligence slurping. Increasingly, the world is making the choice for them.




