TIS--Building in Big Brother for a Better Tomorrow

To supplement TIS's Web site information on CKE, here's a mailing from Steve Walker earlier this month:

TRUSTED INFORMATION SYSTEMS, INC.

February 2, 1996

There has been amazing progress on TIS's Commercial Key Escrow (CKE) initiative since my last status report.

In November, we submitted a Commodity Jurisdiction (CJ) request to the U.S. Department of State for our Gauntlet Internet Firewall Product with CKE-based IP Encryption, which constitutes our Global Virtual Private Network (GVPN) system (see figure 1). Our Gauntlet system has had a Virtual Private Network (VPN) capability using the Data Encryption Standard (DES) algorithm to encrypt firewall-to-firewall communications for the past year. But because of U.S. export controls, we have not been able to sell this option outside of the U.S. and Canada. By adding CKE technology to our firewalls, the Gauntlet system with DES and CKE now meets the U.S. government requirements for export to most parts of the world.

In the course of several meetings with U.S. government representatives, we were told that it will take a while longer for all the details of the CJ process to be worked out, but that the U.S. government was willing to consider a temporary (up to 4-year) export license until the CJ process is in place. In early December, we submitted such a request and on January 19, 1996, it was approved (see figure 2). While this temporary export license has limitations (there must be a Data Recovery Center in the U.S. as well as in the foreign country because reciprocal agreements do not yet exist between the U.S. and foreign governments), it represents the first export approval of a DES-based key escrow encryption system, a small step but a giant leap toward full exportability of good cryptography when equipped with user-controlled key recovery. We are now discussing Global Virtual Private Networks, based on our Gauntlet-CKE system, with several multinational companies.

In December, I attended a special meeting of the Organization for Economic Cooperation and Development (OECD) in Paris to discuss the international ramifications of the U.S. key escrow initiative. The consensus of the meeting was that user-controlled key escrow provides the only workable solution to the long-standing dilemma between the private sector's need for encryption protection and governments' needs to be able to decrypt the communications of criminals, terrorists, and other adversaries. Other meetings will follow, but it appears that most major governments endorse the U.S. government's user-controlled key escrow initiative as the only practical way through the cryptography maze.

In mid-January, Microsoft announced its long-awaited Cryptographic Application Programming Interface (CAPI). This development promises to finally provide a well-defined separation between applications calling on cryptography and the actual performance of the cryptography. Now users will be able to request cryptographic functions in hundreds of applications and select precisely which cryptography to use at the time of program execution rather than program purchase. Cryptographic Service Providers (CSPs) can now evolve independent of applications, and users can choose whatever cryptography is available wherever they are in the world. TIS is working closely with CSP vendors to ensure that CSPs with good cryptography are available in domestic and exportable versions as soon as possible based on the U.S. government's key escrow initiative.

In a presentation at the recent RSA Conference, I tried to put all this in perspective by conducting a "thought experiment" (see attachment 3).

+ Suppose the U.S. government had never thought of placing export controls on cryptography... We would now have widespread use of encryption, both domestically and worldwide; we would be in a state of "Utopia," with widespread availability of cryptography with unlimited key lengths. But, once in this state, we will face situations where we need a file that had been encrypted by an associate who is unavailable (illness, traffic jam, or change of jobs). We will then realize that we must have some systematic way to recover our encrypted information when the keys are unavailable. When we add a user-controlled key recovery capability to our Utopia, we find ourselves in an "Ultimate Utopia," with unlimited key length cryptography, widely available through mass market applications, and user-controlled key recovery.

+ But, unfortunately, the U.S. government *did* think of cryptographic export controls. And over the past several years, we have been frustrated by repeated unsuccessful attempts to resolve this dilemma... In 1992, the U.S. government allowed the export of 40-bit keys, a solution so weak no one wanted it. In 1993, the U.S. government announced Clipper, an attempt to give users good cryptography while preserving the U.S. government's prerogatives. But almost everyone hated U.S. Government-controlled key escrow, including most foreign governments. In 1994, industry rebelled with the proposed Cantwell legislative initiative to remove cryptography from U.S. State Department control. And, behind the scenes, the U.S. government orchestrated a massive counterattack. The result: a study that acknowledged the widespread availability of foreign cryptography yet proposed no change in U.S. government policies on cryptographic exports.

+ Then in 1995, the U.S. government announced its key escrow initiative: allow the export of up to 64-bit cryptography (a remarkable concession) when accompanied by an acceptable form of user-controlled key escrow (critical component to this policy being that "an acceptable escrow system" must have sufficient integrity to give the government confidence that, with a warrant, the keys will be available.)... Some in the computer industry labeled this just another form of Clipper and vowed to continue the fight against U.S. government regulation of encryption in any form -- presumably forever. On the other hand, once the new escrowed encryption policy was announced, U.S. government agencies -- the FBI, NSA, White House, DoD, DoJ, NIST, and NSC -- closed ranks behind it and have shown little interest in discussing any other approaches. In addition, neither political party has shown any interest in taking up the argument in the Congress, probably because it is a complex issue and there is no obvious "winning" position. But, depending upon how the definition of user-controlled key escrow is resolved, the new escrow policy could just be the long-sought compromise between government and industry that gets us through this morass.

+ If we can ensure that organizations can control the security of backup access to their encrypted information through well-designed commercial key recovery systems -- yet also ensure that governments have access when justified via normal legal procedures -- we may have truly found the "Ultimate Utopia" solution to a dilemma that has existed all of our professional lives and threatens to continue through the next generation...

Thus, in my thought experiment I have come to the conclusion that we (industry and government) are all heading towards the same objective, but on a different path from what some of us originally wanted. Yet, to my way of thinking, that path has to accommodate us all if we are ever to arrive at any mutually agreeable destination. When one group of participants raises insurmountable barriers for another group, it simply blocks everyone from progressing down any path, and the net result is that U.S. industry is not able to export any good crypto-based security.

We at TIS are dedicated to finding a solution acceptable to all sides. We ask your help in this struggle.

If you want exportable cryptography routinely available in your lifetime and believe that user-controlled key recovery is an important, if not vital, capability, please contact us at <cke@tis.com>. If you want to integrate exportable CKE into your product line, we are ready to help. If you want to buy internationally deployable good cryptography with your favorite applications, tell your application vendor you want escrow-enabled applications.

We all have an opportunity to make a major difference here. The opportunity is ours to take or forgo. Help us make this happen. Visit our www site, at http://www.tis.com/, and learn more about this vital initiative.

Sincerely,

Stephen T. Walker

Attachments:

1. Global Virtual Private networks with CKE/Gauntlet transaction security diagram.
2. CJ Application for "Escrow-enabled Gauntlet Firewall Model 3.2 with Gauntlet Data Recovery Center."
3. Diagram of cryptography evolution from 1992 to 1995, with Yesterday, Today, "Utopia" and "Ultimate Utopia."

-----
participants (1)
-
John Young