DoD orders vendors to use Key "Recovery"
I hope someone sends them the NSA report on the security hazards of KR. Peter Trei ptrei@securitydynamics.com --------------- http://www.gcn.com/gcn/1998/May4/cov1.htm GCN May 4, 1998 Defense wants PKI now Department intends to make vendors use strong encryption By Christopher J. Dorobek To jump-start development of a public-key recovery system, the Defense Department plans to require its vendors to use strong encryption, deputy Defense secretary John Hamre said recently. Because it wields significant buying clout, Defense's more stringent requirements should boost government and industry efforts to build systems for managing encryption keys, Hamre said last month at an Armed Forces Communications and Electronics Association event in Washington. Agencies cannot wait for the government and industry to settle on a national encryption policy, Hamre said. Through successive administrations, the government has tried to develop a singular policy on encryption. But so far, the efforts have failed. Generally, industry has criticized the government's policy proposals as too restrictive. "We have an important national imperative to protect ourselves in this world," Hamre said. "We can't wait to have this issue resolved ... therefore we're going to buy encryption with key recovery." Vendors will have to use encrypted data and be able to recover it when doing business with DOD, he said. Defense will work out a final policy in the coming weeks, Hamre said. [...]
At 03:05 PM 5/8/98 -0400, Trei, Peter wrote:
I hope someone sends them the NSA report on the security hazards of KR.
I think that people should sell the Government crypto software with key recovery. We need to have a backdoor into the government's communications. Any key recovery system sold to the governemtn should have a real obvious and visible key recovery system so they know that it is there.
Peter Trei ptrei@securitydynamics.com
--------------- http://www.gcn.com/gcn/1998/May4/cov1.htm
GCN May 4, 1998
Defense wants PKI now Department intends to make vendors use strong encryption By Christopher J. Dorobek
To jump-start development of a public-key recovery system, the Defense Department plans to require its vendors to use strong encryption, deputy Defense secretary John Hamre said recently.
Because it wields significant buying clout, Defense's more stringent requirements should boost government and industry efforts to build systems for managing encryption keys, Hamre said last month at an Armed Forces Communications and Electronics Association event in Washington.
Agencies cannot wait for the government and industry to settle on a national encryption policy, Hamre said.
Through successive administrations, the government has tried to develop a singular policy on encryption. But so far, the efforts have failed. Generally, industry has criticized the government's policy proposals as too restrictive.
"We have an important national imperative to protect ourselves in this world," Hamre said. "We can't wait to have this issue resolved ... therefore we're going to buy encryption with key recovery."
Vendors will have to use encrypted data and be able to recover it when doing business with DOD, he said.
Defense will work out a final policy in the coming weeks, Hamre said.
[...]
--- | "That'll make it hot for them!" - Guy Grand | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
participants (2)
-
Alan Olsen -
Trei, Peter