1995-07-27 - Decoded Version of KODMAIL.MSG

Header Data

From: johnl@radix.net (John A. Limpert)
To: cypherpunks@toad.com
Message Hash: 9c03c904a780cea8c573e1b7684294f8d6a44ed466a8719ea2dddd7b87e2bbde
Message ID: <199507270530.BAA08378@saltmine.radix.net>
Reply To: N/A
UTC Datetime: 1995-07-27 05:32:04 UTC
Raw Date: Wed, 26 Jul 95 22:32:04 PDT

Raw message

From: johnl@radix.net (John A. Limpert)
Date: Wed, 26 Jul 95 22:32:04 PDT
To: cypherpunks@toad.com
Subject: Decoded Version of KODMAIL.MSG
Message-ID: <199507270530.BAA08378@saltmine.radix.net>
MIME-Version: 1.0
Content-Type: text/plain


The American Bankers Association is attempting to address the privacy and
security needs of banks and bank customers by ensuring that each have access
to appropriate cryptographic tools.

The ABA Cryptographic Policy will be posted on this list later today.

         ************************************************




CONTACT:  Sonia Barbara			         FOR IMMEDIATE RELEASE
	         (202) 663-5469
(1995)

ABA REAFFIRMS SUPPORT FOR PRIVATE-SECTOR CONTROL 
OF CRYPTOGRAPHY

Association Recommends a 10-year Extension for the Data Encryption Standard

	WASHINGTON, July 21 -- The Data Encryption Standard (DES) should be
recertified for at least 10 more years to allow interested financial
institutions adequate time to convert to any new cryptography standard, the
American Bankers Association said in a policy statement issued today.
	Encryption is the process whereby sensitive data communications, such as
wire transfers, credit card and automated teller machine transactions, are
protected by secret codes to protect their confidentiality.   DES, released
in 1977, is the primary method used by financial institutions to encrypt
information.
	Critics say that the longer DES is used, the more likely its code could be
broken.
While realizing this could limit its life span as a government certified
standard, ABA warned that requiring banks to convert to a new standard by
1998 (the year DES's certification expires) could be prohibitively costly
due to the high level of electronic funds transfers secured by DES.  ABA
therefore encouraged the National Institute for Standards and Technology
(NIST) to continue to endorse DES as a Federal Information Processing
Standard (FIPS) for use by the financial community.
	There has been an ongoing debate regarding who should control the
development and support of private-sector computer security standards:  the
government or the private sector.  ABA strongly recommends that the U.S.
government work with the private sector and Congress in an open forum to
develop a comprehensive policy on the commercial use of cryptography. 
	In its newly-revised policy statement on cryptography, ABA proposed
alternatives 
to DES and outlined other criteria that must be met before changes in
cryptographic 
standards can be accepted by the banking industry.   These criteria -- which
will be 
(more) 

ABA CRYPTOGRAPHY POLICY/P2
presented next week to representatives of the White House, U.S. Department
of Commerce, National Security Agency (NSA) and federal banking agencies --
were developed following a two-day meeting held in June of bankers, vendors
and crypto experts concerned about the federal government's direction
regarding private-sector information security. 
	Specifically, ABA recommended:
	a  The financial services industry be allowed to continue to use DES based
on risk 	assessment (e.g. value of the transaction) and the business
application involved. 
	a  A security framework encompassing a family of commercially available
algorithms, including DES, be developed.  This framework should include a
process for negotiated algorithm selection based on the level of risk and
other 	business requirements.  
	a Opposition to government mandated key management systems for financial
applications where keys would have to be stored outside the financial
institution 	(e.g. key registration/surrender or the mandatory escrow of
cryptographic keys).  	Instead, banks should continue to be responsible for
key management and 	continue to cooperate with government for law
enforcement purposes, as required 	by law.
 	a Export of cryptography for financial applications must not be restricted.
	a Full participation of Congress and the private sector before establishing
a U.S. 	policy for the commercial use of cryptography, instead of being
carried out solely 	by Executive Order.
	[Note:  These recommendations were summarized.  For the full statement,
please 	call Sonia Barbara at 202/663-5469.]
	The American Bankers Association is the only national trade and
professional association serving the entire banking community, from small
community banks to large bank holding companies.  ABA members represent
approximately 90 percent of the commercial banking industry's total assets,
and about 94 percent of ABA members are community banks with assets less
than $500 million.
###
--
John A. Limpert
johnl@Radix.Net






Thread