From: johnl@radix.net (John A. Limpert)
To: cypherpunks@toad.com
Message Hash: 9c03c904a780cea8c573e1b7684294f8d6a44ed466a8719ea2dddd7b87e2bbde
Message ID: <199507270530.BAA08378@saltmine.radix.net>
Reply To: N/A
UTC Datetime: 1995-07-27 05:32:04 UTC
Raw Date: Wed, 26 Jul 95 22:32:04 PDT
From: johnl@radix.net (John A. Limpert)
Date: Wed, 26 Jul 95 22:32:04 PDT
To: cypherpunks@toad.com
Subject: Decoded Version of KODMAIL.MSG
Message-ID: <199507270530.BAA08378@saltmine.radix.net>
MIME-Version: 1.0
Content-Type: text/plain
The American Bankers Association is attempting to address the privacy and
security needs of banks and bank customers by ensuring that each have access
to appropriate cryptographic tools.
The ABA Cryptographic Policy will be posted on this list later today.
************************************************
CONTACT: Sonia Barbara FOR IMMEDIATE RELEASE
(202) 663-5469
(1995)
ABA REAFFIRMS SUPPORT FOR PRIVATE-SECTOR CONTROL
OF CRYPTOGRAPHY
Association Recommends a 10-year Extension for the Data Encryption Standard
WASHINGTON, July 21 -- The Data Encryption Standard (DES) should be
recertified for at least 10 more years to allow interested financial
institutions adequate time to convert to any new cryptography standard, the
American Bankers Association said in a policy statement issued today.
Encryption is the process whereby sensitive data communications, such as
wire transfers, credit card and automated teller machine transactions, are
protected by secret codes to protect their confidentiality. DES, released
in 1977, is the primary method used by financial institutions to encrypt
information.
Critics say that the longer DES is used, the more likely its code could be
broken.
While realizing this could limit its life span as a government certified
standard, ABA warned that requiring banks to convert to a new standard by
1998 (the year DES's certification expires) could be prohibitively costly
due to the high level of electronic funds transfers secured by DES. ABA
therefore encouraged the National Institute for Standards and Technology
(NIST) to continue to endorse DES as a Federal Information Processing
Standard (FIPS) for use by the financial community.
There has been an ongoing debate regarding who should control the
development and support of private-sector computer security standards: the
government or the private sector. ABA strongly recommends that the U.S.
government work with the private sector and Congress in an open forum to
develop a comprehensive policy on the commercial use of cryptography.
In its newly-revised policy statement on cryptography, ABA proposed
alternatives
to DES and outlined other criteria that must be met before changes in
cryptographic
standards can be accepted by the banking industry. These criteria -- which
will be
(more)
ABA CRYPTOGRAPHY POLICY/P2
presented next week to representatives of the White House, U.S. Department
of Commerce, National Security Agency (NSA) and federal banking agencies --
were developed following a two-day meeting held in June of bankers, vendors
and crypto experts concerned about the federal government's direction
regarding private-sector information security.
Specifically, ABA recommended:
a The financial services industry be allowed to continue to use DES based
on risk assessment (e.g. value of the transaction) and the business
application involved.
a A security framework encompassing a family of commercially available
algorithms, including DES, be developed. This framework should include a
process for negotiated algorithm selection based on the level of risk and
other business requirements.
a Opposition to government mandated key management systems for financial
applications where keys would have to be stored outside the financial
institution (e.g. key registration/surrender or the mandatory escrow of
cryptographic keys). Instead, banks should continue to be responsible for
key management and continue to cooperate with government for law
enforcement purposes, as required by law.
a Export of cryptography for financial applications must not be restricted.
a Full participation of Congress and the private sector before establishing
a U.S. policy for the commercial use of cryptography, instead of being
carried out solely by Executive Order.
[Note: These recommendations were summarized. For the full statement,
please call Sonia Barbara at 202/663-5469.]
The American Bankers Association is the only national trade and
professional association serving the entire banking community, from small
community banks to large bank holding companies. ABA members represent
approximately 90 percent of the commercial banking industry's total assets,
and about 94 percent of ABA members are community banks with assets less
than $500 million.
###
--
John A. Limpert
johnl@Radix.Net
Return to July 1995
Return to “johnl@radix.net (John A. Limpert)”
1995-07-27 (Wed, 26 Jul 95 22:32:04 PDT) - Decoded Version of KODMAIL.MSG - johnl@radix.net (John A. Limpert)