March 1993 - cypherpunks-legacy

Re: Cypher:Subject naming- SUMMARY
by Jim C 20 Mar '93

20 Mar '93

Ok, here's a summary of replies regarding sorting of mail by To: fields, or more in general, grouping all list mail together by mailing list. Thanx to all who responded. As you can see, there are a variety of ways to approach this problem. All of these replys were posted to Cypherpunks already, so re-posting is kosher. I've cut out the extra header stuff and the PGP signatures, and edited the messages for brevity. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From: nowhere(a)bsu-cs.bsu.edu (Chael Hall) Subject: Re: Cypher: Subject naming proposal To: collins(a)socrates.umd.edu (Jim C) Cc: cypherpunks(a)toad.com >Can I suggest that any messages posted to cypherpunks start with "Cypher:" >in the subject line? The mail from this list is getting mixed in with all >my other mail, cause my newsreader (elm) can't sort on "To:" fields. > Does anyone else have this problem? Does this idea seem reasonable? >JIm C. I use the following .forward file to make slocal "sort" my mail based upon the contents of the .maildelivery file below. -- $HOME/.forward -- | /usr/lib/mh/slocal -user nowhere <EOF> You should use something like the following .maildelivery file to tell slocal where to put the messages. -- $HOME/.maildelivery -- # # field "pattern" action "command" # To "cypherpunks(a)toad.com" file ? Mail/cypherpunks This will file messages directed to cypherpunks to a file in your Elm mail directory, but leave all other messages untouched. You have to then choose the folder "=cypherpunks" to read those messages. NOTE: You need to change the path of slocal to the appropriate path for your system. You can find it with the whereis -b command or the find utility. Am I forgetting anything? Chael Hall -- Chael Hall nowhere(a)bsu-cs.bsu.edu, 00CCHALL(a)BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From: Crys Rides <crys(a)cave.tcp.COM> Subject: Re: Cypher: Subject naming proposal >>>>> On Thu, 18 Mar 93 10:39:46 EST, nowhere(a)bsu-cs.bsu.edu (Chael Hall) said: Hall> I use the following .forward file to make slocal "sort" my mail based Hall> upon the contents of the .maildelivery file below. [snip] Hall> NOTE: You need to change the path of slocal to the appropriate Hall> path for your system. You can find it with the whereis -b command or Hall> the find utility. Am I forgetting anything? Erm, only that this apparently appears to pretty much _require_ switching mailreaders to MH. A more transparent solution can be achieved with the 'procmail' package, available from any comp.sources.misc archive. This package allows rule-based filtering on message content, size, and other factors, and can be installed workably with most mailreaders to my knowledge, without requiring much effort. Crys Rides >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >From wimsey.bc.ca!markh(a)wimsey.com Thu Mar 18 13:: Cypher: Subject naming propos al There's a program called "filter" (which I think is part of the elm distribution) that I use to automatically route messages from different mailing lists to separate folders, which can then be read at leisure. Very handy! derek >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> To: Brad Huntting <huntting(a)glarp.com>, Jim C <collins(a)socrates.umd.edu> Subject: Re: Cypher: Subject naming proposal Cc: cypherpunks(a)toad.com mush will also allow filtering based on more or less whatever you want (e.g. To: fields). Mark -- Mark Henderson markh(a)wimsey.bc.ca

1 0

POLI/TECH/SURVEY: Feds and computers.
by Alexander Chislenko 19 Mar '93

19 Mar '93

There were two interesting articles today in the Marketplace section of the Wall Street Journal. I advise you to read them, and will give only brief references here: 1. "White House lets you turn on your PC, tune into politics" - Some stuff on White House and its email addresses, email in general, etc. Some of it informative, some stupid, some babble. One remarkable piece: "... the backward White House computer system doesn't receive the electronic messages directly, and the mail isn't answered electronically. Instead, the e-mail messages are delivered to White House on disk, where they are printed out and answered by low-level workers through regular paper mail." Ain't that amazing?! 2. To the right from the big central material on the crucially important subject of bacon sales, there starts an article "Ruling gives privacy a high-tech edge" - about the Jackson Games BBS case. While it might not offer conceptual breaktrhoughs to anybody on this list, it is (IMO) a very informative and sympathetic material; it describes the history of the case, recent rulings, their implications, etc. It is very nice that this is offered to a large audience. - Well worth reading. ------------------------------------------------------------------------------ | Alexander Chislenko | sasha(a)cs.umb.edu | Cambridge, MA | (617) 864-3382 | ------------------------------------------------------------------------------

1 0

Re: You Aren't [I'm Not]
by pmetzger＠shearson.com 19 Mar '93

19 Mar '93

> From: Theodore Ts'o <tytso(a)athena.mit.edu> > > Sorry; typo on my part. What I meant to say was "No, I am not arguing > that free speach is bad." Mr. Metzger was putting words in my mouth > when claimed that I was saying that. > > Anonymity and free speach are *NOT* the same thing. As I posited in an > earlier message, which no one has yet to comment on, those two concepts > are not the same thing. Yes they are, Ted. They are mathematically equivalent. If I can say anything, I can say it in code. If I can say anything, I can repeat what someone else said in code, possibly transforming it. Ta Da, remailers. To stop remailers, you will need to stop free speech. Please at least admit this much. It might be unpleasant, but in a society with no prior restraints on speech it is likely not possible to stop cryptographic systems to assure anonymity. Perry

6 11

Re: Cypher: Subject naming proposal
by karn＠qualcomm.com 19 Mar '93

19 Mar '93

Several years ago I wrote a UNIX utility that splits my incoming mail (directly from the spool) into files based on the To: and Cc: fields. I can specify the various mailing lists to which I subscribe in the shell script, with all others going to a file named "other". This way I can give higher priority to the mail that names me specifically as a recipient, and put off the mailing lists for later. And I can use any conventional mailer (like Mail) to read the split files. Phil

1 0

Tagging data to detect thieves
by Marc.Ringuette＠GS80.SP.CS.CMU.EDU 19 Mar '93

19 Mar '93

I've done some further thinking on the text tagging problem, spurred by a question on sci.crypt about tagging pictures (under the subject line "Permanent signatures for pictures"). Here's a summary. ---- Let's say Dow Jones wants to sell newswire subscriptions to individuals, but someone is anonymously forwarding their articles to a newsgroup. Can they succeed in tagging the text to detect the thief? The idea is to make some small twiddle to each subscriber's copy of the text, so that the stolen copy can be matched with some subscriber and their subscription cancelled. Short answer: the thieves win. At first, I thought the answer was the opposite. ---- There are two issues which must be addressed in order to show that the tagger wins: 1. The taggee must not be able to "smooth away" all of the tag bits. 2. The taggee must not be able to cross-correlate multiple copies of the data in question in order to produce a "clean" version. Regarding issue #1, the basic techique is to alter a few features of your data which are important enough that your opponent can't afford to randomize ALL such bits. In the case of text, small changes in word choice are a good candidate. Two criteria are: A. The changes must be "important" enough that the thief can't smooth them all away. B. The changes shouldn't be "important" enough that the newswire becomes worthless! The tagger has an advantage in this case, though. He can change, say, 1 in 1000 of these "important, non-smoothable-away" candidate bits. If the thief wants to cancel them out and only has a single copy of the picture, he must somehow canonicalize _all_ of the candidate tag bits, or some very large proportion of them. So if your tagging process does a little bit of "damage" to your data, like in the map-maker case of adding an extra small street here and there, then the opponent must either try to detect exactly where your damage is, or must make wholesale changes to the data (such as removing all small roads altogether). The thief, in trying to cover up your damage, must make a thousand times as much damage. Choose your damage level appropriately so that your level of damage isn't too much but the thief's is. ---- Issue #2, thieves cross-correlating between multiple copies of the data, is a bit more subtle. Here's the scenario: Dow Jones has 10,000 customers, 64 of whom are in a conspiracy to steal and re-sell the newswire. Dow Jones tries various tagging strategies, altering whitespace and word choice individually for each subscriber. The thieves try to cross-correlate between their copies of the text in order to "cancel out" the tags from the copy which they wish to re-sell. Can Dow Jones detect the thieves and cancel their subscriptions? In the discussion below, when Dow Jones "twiddles a bit" of their newswire, they do so by substituting a word's synonym at a chosen location, using a separate (possibly biased) coin flip for each subscriber. Here are the strategies I've considered. Dow Jones strategy: twiddle some bits with probability 0.5. If the thieves use majority vote, each thief will have a reasonably high correlation with the output bits. (In fact, the probability of a match will exceed 50% by approximately the chance of a tie vote among the thieves, which is about 0.8/sqrt(n) where n is the number of thieves. This computation is a bit hairy.) Thief countermeasure: reliably detect which bits are being twiddled (by cross-checking between, say, 64 different subscriptions) and flip a fair coin to determine the output. There's a chance of only 2 in 2^64 that the thieves fail to detect the twiddle. Dow Jones strategy: twiddle some bits with low probability (e.g. p=0.01). Reasonably often, the bit values will be the same for all thieves. If the thieves use the flip-a-coin strategy, we can determine which tag bits they've failed to detect, and identify them that way. Thief countermeasure: use a majority vote. Dow Jones strategy: hybrid of the two. Thief countermeasure: hybrid of the two. Flip a coin if the vote is fairly even, go with the majority if the vote is uneven. For example, get 64 subscriptions, go with the majority vote if fewer than 16 dissenters, flip a fair coin otherwise. This last strategy for the thieves is the one I can't beat. Theoretical help, anyone? -- Marc Ringuette (mnr(a)cs.cmu.edu)

7 7

a steganographic test
by Eli Brandt 19 Mar '93

19 Mar '93

Taking the easy way out, I tried a steganographic encoding in a GIF by mapping down to 128 colors, duplicating them, and frobbing the low bits of the image. This worked surprisingly well. The resulting image showed little degradation, and was smaller than the original -- the information thrown out when mapping down to 128 was not fully replaced, as the "hidden" file did not fill the GIF. Rather than screw with GIF and Heckbert code for this throwaway, I did the {en,de}giffing and palette manipulation by hand with the PC program PICLAB. It supports scripts, which would automate the process, except for the palette duplication, which a sed script could do. The bit bashing code is appended, though it's pretty trivial stuff. Anyway, I ended up with the canonical Earth-seen-from-space, 320x200x8, with an embedded DOS-format text file chosen for verisimilitude. I can ship it by e-mail to anyone who wants it, though there's not really a whole lot you can *do* with the thing. ("Hey. Wow. There really is a file in the low bits.") PGP 2 key by finger or e-mail Eli ebrandt(a)jarthur.claremont.edu the guts of ensteg.c: /* * We smear the hidef stream MSB-first into the low bits of the picf stream. * This code is not optimal, but hey, it's short. */ int picbyte, hidebyte, mask=0; long count=0; while (EOF!=(picbyte=getc(picf))) { if (!mask) { mask = 0x80; if (EOF==(hidebyte=getc(hidef))) hidebyte=0; // pad with nulls } putc(picbyte&0xfe | ((hidebyte&mask)/mask), outf); mask/=2; } and of desteg.c: /* * Pull the picf bits out, and put them together, MSB-LSB order. */ int picbyte, hidebyte=0, bit=7; while (EOF!=(picbyte=getc(picf))) { if (bit<0) { putc(hidebyte, hidef); hidebyte=0; bit=7; } hidebyte |= (picbyte%2)<<bit--; } if (bit<0) putc(hidebyte, hidef); Caveats: no error checking. The pic file had better be eight times as large as the file to put in it. If the null-padding will cause problems, you should wrap the file with an archiver first. Sorry about that putc() line in ensteg.c; it was late.

1 0

HASH: cryptanalysis of MD5? (fwd)
by root＠rmsdell.ftl.fl.us 19 Mar '93

19 Mar '93

Forwarded message: > Newsgroups: sci.crypt > From: schneier(a)chinet.chi.il.us (Bruce Schneier) > Subject: Successful Cryptanalysis of MD5 > Message-ID: <C42Gr3.M3w(a)chinet.chi.il.us> > Organization: Chinet - Public Access UNIX > Date: Thu, 18 Mar 1993 04:06:39 GMT > > This is from Bart Preneel's Ph.D. thesis, "Analysis and Design of > Cryptographic Hash Functions," Jan 1993, p. 191. It is about the > cryptanalysis of MD5: > > B. den Boer noted that an approximate relation exists between > any four consecutive additive constants. Moreover, together > with A. Bosselaers he developed an attack that produces > pseudo-collisions, more specifically they can construct two > chaining variables (that only differ in the most significant > bit of every word) and a single message block that yield the > same hashcode. The attack takes a few minutes on a PC. This > means that one of the design principles behind MD4 (and MD5), > namely to design a collision resistant function is not satisfied. > > I have not seen the actual paper yet, which will be presented at > Eurocrypt. Both PEM and PGP rely on MD5 for a secure one-way hash > function. This is troublesome, to say the least. > > Bruce > > ************************************************************************** > * Bruce Schneier > * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 > * schneier(a)chinet.chi.il.us > ************************************************************************** > > -- Yanek Martinson yanek(a)novavax.nova.edu

1 0

White House
by Matthew J Miszewski 18 Mar '93

18 Mar '93

Cypherpunks, MCI announced a new email address for access to the White House. However, This time they make no pretense that it will be read electronicly. From what I could glean from RISKS (I was in quite a hurry), the messages will be sent through the regular USPS. This appears to be a way to increase profits for MCI and Internet messages may very well bounce. Anyway, I know that the cypherpunks are trying to access the handles of power in this country and gain some respect at the same time. I also watched the last thread about what form our communication should take. Well, here's another chance. 0005895485(a)mcimail.com - White House Matt mjmiski(a)macc.wisc.edu

1 0

RE: the recent mailing list flames
by nowhere＠bsu-cs.bsu.edu 18 Mar '93

18 Mar '93

>One of the two loud complainers, mbrennan(a)netcom.com, had actually >doubled subscribed himself to the list. I had already removed him >once, so I thought; I had moved him over to the -announce list. Well, I sent a personal message to mbrennan(a)netcom.com about the posting he made where he criticized "Mr. May and Mr. Ringuette" for their misunderstanding. :) He misinterpreted my meaning of "you are in my kill list, but the others aren't." I meant that my .maildelivery destroys mail from him, but not from anyone else. *sigh* He wrote my sysadmin about it and said that it came from my remailer and all hell broke loose on my end. My boss's boss took me into his office and we discussed it... He just said, "Someone was harrassing a guy at AT&T (of all places) through your remailer." I tracked down the message, "talk"ed to mbrennan about it and he agreed to write a message of apology to my sysadmin saying he misunderstood the "threat." *sigh* What an avoidable mess if he hadn't been so touchy! Now they are investigating my remailer. My response was, "Oh, it's just a play-thing for me and a few friends." They think I should be responsible for what goes through it. Hahahaha... Right. I only see messages that don't go through for one reason or another (bounces and errors in "::" use). Chael Hall -- Chael Hall nowhere(a)bsu-cs.bsu.edu, 00CCHALL(a)BSUVC.BSU.EDU, chall(a)ref.tfs.com (317) 285-3648 after 5 pm EST

1 0

GOV: DMS PreMSP
by root＠rmsdell.ftl.fl.us 18 Mar '93

18 Mar '93

Forwarded message: > Date: Wed, 17 Mar 1993 15:10:53 -0500 > To: Markowitz(a)DOCKMASTER.NCSC.MIL > From: shirley(a)mitre.org (Robert W. Shirey) > Cc: pem-dev(a)TIS.COM > > In a previous message, I said: "Just as soon as I know for sure that > information on this subject [DMS PreMSP] is publicly releasable, I will > forward it or references to this list." Here are pointers to the > currently available public info. > > A Request For Information (RFI) was issued by the Air Force Standard > Systems Center, Gunter AFB,Al, on December 1992. (See "Commerce Business > Daily" for 17 December 1992.) This RFP concerns X.400 products for use > in the Defense Message System. In brief, DOD needs hundreds of thousands > (of units) of secure UAs over the next several years. > > In the RFI, there is publicly released information concerning Preliminary > Message Security Protocol (PMSP, or sometimes, PreMSP), which is to be > used for unclassified by sensitive information. PMSP is something that > exists. Do not expect it to interoperate with PEM. > > Saying "Pre" MSP implies there is a "real" MSP to come later. There is. > It comes from NSA's Secure Data Network System Program. SDNS and MSP > information is available from NIST, and decriptions are found in the > proceedings of the National Computer Security Conference and other major > security conferences in the last few years. (Perhaps someone will chime > in again with the NIST references, etc.) > > DMS security developments, including PMSP, will be addressed further by > an NSA representative at the AFCEA [Armed Forces Communications and > Electronics Association] DMS Symposium on 8 April. > > Regards, -Rob- > > Robert W. Shirey, The MITRE Corporation, Mail Stop Z202 > 7525 Colshire Dr., McLean, Virginia 22102-3481 USA > shirey(a)mitre.org * tel 703-883-7210 * fax 703-883-1397 > > --------------------------------------------------------------------------- > The following statement on MSP was released previously: > > Defense Information Systems Agency > Defense Network Systems Organization > > In reply Refer To: DISM 12 November 1991 > > MEMORANDUM FOR DEFENSE MESSAGE SYSTEM (DMS) MILITARY COMMUNICATIONS > ELECTRONICS BOARD (MCEB) COORDINATOR > > SUBJECT: Rationale for the Secure Data Network System (SDNS) Message > Security Protocol (MSP) for the DMS > > > 1. As a result of the Allied Message Handling (AMH) International Subject > Matter Experts (ISME) working group meeting held in March 1991, certain > actions regarding message security were tasked to the U.S. representatives. > These tasks include two information papers which address the U.S. intentions > to use MSP to provide required message security services. > > 2. The first of these papers, which addresses the rationale and near-term > interoperability issues for the use of MSP, is enclosed. We are forwarding > this paper to you, as the DMS MCEB Coordinator, for dissemination to the AMH > ISME membership. > > 3. This paper has also been forwarded to the Chairman, Data Communications > Protocol Standards (DCPS) Technical Management Panel (DTMP) for use in > resolving an Interoperability Resolution Process (IRP) issue regarding the DoD > position on the use of MSP. Both the AMH ISME and DTMP processes will be > worked as parallel efforts. > > 4. My point of contact for this effort is CPT(P) Wayne C. Deloria, DISA/DISMB, > (703)285-5232, DSN 346-5232. He can be reached through electronic mail at > DELORIAW(a)IMO-UVAX.DCA.MIL. Please do not hesitate to contact him with any > question regarding this matter. > > > Enclosure a/s THOMAS W. CLARKE, Chief > DMS Coordination Division > > cc: DMS Coordinators > > > 22 October 1991 > > THE DEFENSE MESSAGE SYSTEM (DMS) > MESSAGE SECURITY PROTOCOL AND ALLIED INTEROPERABILITY > > > 1. Introduction > > The Defense Message System (DMS) Program has adopted Message Security > Protocol (MSP) as the target security protection mechanism for all DMS > organizational and individual message traffic. MSP was developed under the > auspices of the Secure Data Network System (SDNS) Program concurrent with > international development of the CCITT X.400 1988 Recommendation. SDNS MSP > and 1988 X.400 offer a similar set of security services. However, the two > approaches diverge in certain areas, due to differing priorities and > requirements, and the operational environment of the U.S. Department of > Defense (DoD). The purpose of this paper is to define the principal points of > departure, provide rationale for U.S. use of MSP, and to provide a framework > for agreement on near term messaging interoperability. > > 2. Rationale for Use of MSP > > While the security services provided by MSP are similar to the 1988 X.400 > Recommendation, the divergence in their implementation introduces > incompatibilities between the two strategies. Following is U.S. rationale for > use of MSP. > > 2.1 High Level of Assurance: DMS provides secure automated store-and- > forward message service to meet the operational requirements of the U.S. DoD. > The DMS conveys information ranging from unclassified to the most sensitive > classifications and compartments, requiring very high levels of assurance > throughout the system. While few, if any, individual User Agents (UAs) will > handle this entire range, many will handle more than one, and therefore > require a high degree of trust. MSP provides high assurance in the areas of > implementation strategy, access control, content security, and use of > commercially available products and services. > > 2.1.1 Implementation Strategy. To achieve a high level of assurance, > MSP was designed to provide separation of message security from message > processing, and to facilitate a certifiable and accreditable implementation. > By implementing the MSP security services in a separate protocol sub-layer, a > multi-level secure (MLS) architecture can follow conventional approaches in > the design of certifiable systems. The MSP approach depends upon creating a > small nucleus of "trusted" software, implemented as an adjunct to the UA, that > interacts with multiple, single-level instantiations of more complex software, > e.g., text editors and communications protocols. Further, placing the > security services at the end system (originator/recipient) is consistent with > the principle of "least privilege", which requires security processes in a > system to grant only the most restrictive set of privileges necessary to > perform authorized tasks. > > 1 > > > 22 October 1991 > > 2.1.2 Access Control. The approach to access control adopted by MSP > places access control decisions in a separate process within the originator > and recipient UAs, providing a higher level of assurance for this service. > This high level of assurance is supported by detailed security design analyses > performed on various MSP prototype implementations. > > 2.1.2.1 MSP access control decisions are made as part of message > preparation and release, and as part of the processing of a received message. > End system (UA) responsibility for access control is a cornerstone of the MSP > security architecture. The access control decision relies on authorization > information contained in multiple certificates. These certificates provide > extended resolution for access control decisions and are further protected by > cryptography at the UA. Consequently, no access control message security > requirements are levied on the Message Transfer Agents (MTAs). > > 2.1.2.2 In contrast, 1988 X.400 access control decisions and > enforcement are vested in the Message Transfer System (MTS) and are exercised > independently by the MTAs at each end of the message transfer. This requires > that every subscriber uniformly trust all of the MTAs to enforce access > control for the subscriber community. A message originator has no independent > means of determining the access rights of a possible recipient, nor the means > to determine the level of trust of the MTAs that make access control > decisions. He must rely on the correct operation of the MTAs. > > 2.1.3 Content Security. MSP provides content security and integrity > services with the implementation of independent cryptographic algorithms and > key management system at the UA. Encapsulation of message content with > appropriate security parameters (e.g., algorithm identification and signature > information) into a MSP content prior to submitting it to the MTS, ensures > writer-to-reader control for all security services. This is true regardless > of the message transfer system employed. Since only the originator and > recipient may access the information, content security is preserved, and the > means for message confidentiality, integrity, authentication, and non- > repudiation with proof of origin is maintained. > > 2.1.4 Commercial Products/Services. A primary objective of the DMS > Program is to employ commercially available products and services wherever > possible, to minimize or eliminate the need for specialized systems. It is > also assumed that such products and services will undoubtedly be "untrusted" > from the security perspective. The use of MSP allows the DMS to deploy over > any reliable and heterogeneous MTS and still provide the same level of message > security and system assurance. The MSP design and implementation strategy, > coupled with the incorporated access control and content security mechanisms, > is consistent with this objective. While the 1988 X.400 Recommendation offers > similar services, its employment by DMS would require use of "trusted" MTAs, a > prospect that is not only cost prohibitive by lacking in deployment > flexibility. > > 2 > > > 22 October 1991 > > 2.2 Key Management Support. MSP was designed to be independent of > cryptographic algorithms and key management schemes. Although 1988 X.400 > maintains independence of the cryptographic algorithms used, it does employ a > specific key management scheme as defined in CCITT Recommendation X.509. The > protocol mechanisms that realized this key management scheme are incompatible > with MSP key management. > > 2.2.1 A solution consistent with the MSP concept might be implemented > within the X.400 syntax, but would represent a semantic inconsistency. Within > X.400, no syntax exists to exchange multiple certificates and other per- > message security data. > > 2.2.2 Even if a certifiable architecture using MSP-like key management > schemes could be developed to be consistent with 1988 X.400, it would likely > represent a substantial departure from COTS products. > > 2.3 Performance. Like MSP, the 1988 X.400 Recommendation defines both > per-message and per-recipient security data items. However, the allocation of > security relevant data, especially the signature and receipt information, is > different in X.400 and in MSP. 1988 X.400 requires one signature per > recipient while MSP requires one per message. The major performance > implications of this difference are the higher number of signature generation > operations required by 1988 X.400, and the higher volume of additional data > carried in each 1988 X.400 message. > > 3. Allied Interoperability. > > 3.1 Suggestions from the Allied Message Handling International Subject > Matter Experts Working Group (AMH ISME WG) recommend that the U.S. incorporate > MSP mechanisms with the 1988 X.400 framework. In reviewing this, technical > difficulties surface as previously discussed, and present a resultant product > which is semantically non-conformant with the 1988 X.400 Recommendation. This > suggestion is unacceptable from a security protection standpoint, and is cost > prohibitive. > > 3.2 The differences in the MSP and 1988 X.400 security protection > strategies as described in the rationale serve to illustrate an allied message > interoperability issue. It is evident that the U.S. will continue to pursue > implementation of MSP while U.S. allies, including NATO, appear poised to > pursue implementations of the 1988 X.400 Recommendation. When the U.S. begins > deployment of X.400/MSP components in the 1996 and beyond time frame, a MSP > gateway will be required to facilitate interoperability between users who have > implemented X.400 with MSP and users who have not. A Gateway will be required > to perform protocol mappings between MSP and X.400-based systems, and to > provide the required cryptographic and key management conversion services for > the systems employed. This Gateway will facilitate U.S. transition to MSP, as > well as provide interoperability with allied users during the international > transition to X.400. > > 3 > > > 22 October 1991 > > 4. Conclusions. > > 4.1 Based on the rational provided above, the U.S. concludes that use of > MSP is superior to 1988 X.400 security protection in terms of assurance, key > management, performance, deployment flexibility, and cost. > > 4.2 As indicated above, allied interoperability will require an MSP > Gateway. The AMH ISME WG is an excellent forum to collect requirements for > this Gateway to ensure its timely development and deployment, and > effectiveness in providing near term allied interoperability. Long term > interoperability is being analyzed and will be the subject of a 15 February > 1992 U.S. submission to the AMH ISME WG. > > 4 > > ----------------------------------------------------------------------- > The Privacy and Security Research Group (PSRG) (i.e., that part of the > Internet Research Task Force that invented PEM and tossed it over the > fence into the Internet Engineering Task Force for final standardization > and deployment) received inqiries about the position of the U.S. > Federal Government on the use of Privacy-Enhanced Mail (PEM) (see RFCs > 1421, 1422, 1423, and 1424). The PSRG issued a statement which is now > outdated but was along the following lines: > > The PSRG does not speak for the U.S. Federal Government or for any other > government. It can, however, arrange some referrals for those seeking > Government information. > > Like all bodies operating under the cognizance of the Internet > Activities Board (IAB), the PSRG is an independent committee of > professionals with a technical interest in the health and evolution > of the Internet system (see RFC 1160). When the PSRG was designing > and developing PEM, and when the IAB approved and encouraged PEM > implementation, there was discussion of existing U.S. and other government > policies and policy trends. No agreements were reached with any agency > or official. Some PSRG members are aware of talks that have taken place > within the U.S. Government about PEM, but the PSRG is not aware of any > publicly-announced policies that have been directed specifically at PEM. > > For further information, the PSRG suggests that questions be directed > to the following PSRG members, who will either answer the question > or provide a referral to responsible officials: > > For questions regarding the U.S. Government generally: > > Miles Smid smid(a)st1.ncsl.nist.gov > National Institute for Standards and Technology > Building 225, Room A216 > Gaithersburg, Maryland 20899 > > For questions regarding the U.S Department of Defense in general, and > the Defense Message System in particular: > > Rob Shirey shirey(a)mitre.org > The MITRE Corporation, Mail Stop Z269 > 7525 Colshire Drive, McLean, VA 22102-3481 > > For other questions, send to pem-dev(a)tis.com and hope for the best! > > > > > -- Yanek Martinson yanek(a)novavax.nova.edu

1 0