Actually, as I recall the tale, the Amercian Bankers Association-sponsored ANSI-accredited X.9 Committee's blessing of DES3 was itself pretty interesting.
I understood that the NSA lobbied bitterly against the X9 effort to standardize 3DES as an ANSI standard, insisting that DES would surfice until its successor was chosen.
A couple years ago, when the X9 committee -- or maybe one of the X9 crypto subcommittees -- rejected that advice and initially recommended
3DES be made a standard, I was told that the NSA rep angrily declared
3DES would _never_ get an export license and would never be shipped overseas. (Which may have put a damper on the 3DES standardization effort;-)
Unfortunately, these standards development efforts usually escape the media's attention. Anyone on the list active in X9 and can give us
--- begin forwarded text Reply-To: <rankney@erols.com> From: "Rich Ankney" <rankney@erols.com> To: <dcsb@ai.mit.edu>, "Digital Bearer Settlement List" <dbs@philodox.com>, "Robert Hettinga" <rah@shipwright.com> Subject: Re: Triple DES "standard"? Date: Wed, 30 Dec 1998 09:40:38 -0500 Sender: <dbs@philodox.com> List-Subscribe: <mailto:requests@philodox.com?subject=subscribe%20dbs> <snip> that that the
real story?
I was at the meeting. This was a meeting of (I think) X9F3, which is a working group in X9F, which has several working groups doing security. 3DES was being pushed really hard by the Fed. The vote was to get a sense of how much interest there was in a 3DES standard. (There is no requirement to have such a vote to work on something; the X9 rules require a new work item ballot sent to all X9 members.) The NO votes were, IIRC, from NSA (with the above quote, more or less), IRS, and IRE (a commercial outfit located in Baltimore). NIST abstained. I don't recall the official X9 vote, but it was along the same lines. The work was done in a different working group, X9F1, chaired by the legendary Blake Greenlee. The standard was published a few months ago. Again, the Fed pushed really hard on this; kudos to them. I'm sure Cindy Fuller of the X9 Secretariat (cfuller@aba.com) would have the official X9 ballot results if anyone is interested...
Since the birth of X9 in the late 70s, the US National Security Agency has its own representative on the X9 Committee. As one might expect, the NSA has traditionally had significant influence over the ANSI "F" (crypto) subcommittees and cryptographic standards in financial services. There was a time when Ft. Meade effectively dictated those standards. Now, that is not necessarily so....
(After the NSA blundered so badly in trying to force the Banking industry to switch from DES to CCEP/Clipper in the late 80s, the Agency's mesmerizing control broken. The initial intro of CCEP/Clipper -- at an ABA meeting -- proposed that only US owned institutions could have access to Clipper. At the time, as I recall, maybe 10-15 percent of the US banks were foreign owned;-) The bankers couldn't believe that these idiots -- obviously so ignorant about the workings of the industry they were trying to defacto regulate -- were from the NSA of Legend and Lore.)
I didn't start attending meetings till the early '90's, but I can certainly testify that Clipper/Fortezza were pushed really hard. In fact, X9F1 may still have open work items on some of this stuff (no work going on, but it needs a formal vote to remove it from the list). My major objection was the attempt to standardize on a particular *product*, which used classified algorithms, vs. standardizing on a public algorithm which could be implemented in H/W or S/W. So X9 ended up with: 3DES instead of Skipjack; DSA and RSA (and ECDSA real soon now) for signatures; and DH, RSA, and EC (real soon now) for key management. It's interesting that our DH standard seems to have reinvented much of the interesting stuff in KEA. Regards, Rich --- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'