From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@cyberpass.net
Message Hash: ca47f8f6ad1cf4df7a88631dc6b73bdcbce1675506279e208a569821a3d15c21
Message ID: <v04020a06b2affd7b8e10@[139.167.130.247]>
Reply To: N/A
UTC Datetime: 1998-12-30 16:35:03 UTC
Raw Date: Thu, 31 Dec 1998 00:35:03 +0800
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 31 Dec 1998 00:35:03 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Triple DES "standard"?
Message-ID: <v04020a06b2affd7b8e10@[139.167.130.247]>
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
Reply-To: <rankney@erols.com>
From: "Rich Ankney" <rankney@erols.com>
To: <dcsb@ai.mit.edu>, "Digital Bearer Settlement List"
<dbs@philodox.com>,
"Robert Hettinga" <rah@shipwright.com>
Subject: Re: Triple DES "standard"?
Date: Wed, 30 Dec 1998 09:40:38 -0500
Sender: <dbs@philodox.com>
List-Subscribe: <mailto:requests@philodox.com?subject=subscribe%20dbs>
<snip>
> Actually, as I recall the tale, the Amercian Bankers
> Association-sponsored ANSI-accredited X.9 Committee's blessing of DES3
was
> itself pretty interesting.
>
> I understood that the NSA lobbied bitterly against the X9 effort to
> standardize 3DES as an ANSI standard, insisting that DES would surfice
> until its successor was chosen.
>
> A couple years ago, when the X9 committee -- or maybe one of the X9
> crypto subcommittees -- rejected that advice and initially recommended
that
> 3DES be made a standard, I was told that the NSA rep angrily declared
that
> 3DES would _never_ get an export license and would never be shipped
> overseas. (Which may have put a damper on the 3DES standardization
> effort;-)
>
> Unfortunately, these standards development efforts usually escape
> the media's attention. Anyone on the list active in X9 and can give us
the
> real story?
>
I was at the meeting. This was a meeting of (I think) X9F3, which is a
working
group in X9F, which has several working groups doing security. 3DES was
being pushed really hard by the Fed. The vote was to get a sense of how
much interest there was in a 3DES standard. (There is no requirement to
have such a vote to work on something; the X9 rules require a new work item
ballot sent to all X9 members.) The NO votes were, IIRC, from NSA (with the
above quote, more or less), IRS, and IRE (a commercial outfit located in
Baltimore). NIST abstained. I don't recall the official X9 vote, but it
was along
the same lines. The work was done in a different working group, X9F1,
chaired
by the legendary Blake Greenlee. The standard was published a few months
ago. Again, the Fed pushed really hard on this; kudos to them.
I'm sure Cindy Fuller of the X9 Secretariat (cfuller@aba.com) would have
the
official X9 ballot results if anyone is interested...
> Since the birth of X9 in the late 70s, the US National Security
> Agency has its own representative on the X9 Committee. As one might
> expect, the NSA has traditionally had significant influence over the ANSI
> "F" (crypto) subcommittees and cryptographic standards in financial
> services. There was a time when Ft. Meade effectively dictated those
> standards. Now, that is not necessarily so....
>
> (After the NSA blundered so badly in trying to force the Banking
> industry to switch from DES to CCEP/Clipper in the late 80s, the Agency's
> mesmerizing control broken. The initial intro of CCEP/Clipper -- at an
ABA
> meeting -- proposed that only US owned institutions could have access to
> Clipper. At the time, as I recall, maybe 10-15 percent of the US banks
> were foreign owned;-) The bankers couldn't believe that these idiots --
> obviously so ignorant about the workings of the industry they were trying
> to defacto regulate -- were from the NSA of Legend and Lore.)
>
I didn't start attending meetings till the early '90's, but I can certainly
testify that Clipper/Fortezza were pushed really hard. In fact, X9F1 may
still have open work items on some of this stuff (no work going on, but
it needs a formal vote to remove it from the list). My major objection was
the attempt to standardize on a particular *product*, which used classified
algorithms, vs. standardizing on a public algorithm which could be
implemented
in H/W or S/W. So X9 ended up with: 3DES instead of Skipjack; DSA and
RSA (and ECDSA real soon now) for signatures; and DH, RSA, and EC (real
soon now) for key management. It's interesting that our DH standard seems
to have reinvented much of the interesting stuff in KEA.
Regards,
Rich
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Return to December 1998
Return to “Robert Hettinga <rah@shipwright.com>”
1998-12-30 (Thu, 31 Dec 1998 00:35:03 +0800) - Re: Triple DES “standard”? - Robert Hettinga <rah@shipwright.com>