Re: P. Wayner on CSSPAB meeting
Mr. "Hyperbole-R-Us" Detweiller said:
A group of computer scientists from NIST came to discuss their plan for the Federal Criteria for secure systems and the new "Common Criteria" that may emerge. This is an updated version of the old Orange Book classification scheme of C2 and B1 and stuff like that. The scientists said the draft is being finished but it isn't ready for release. But now, they're working on "Something Better." This is a new plan to standardize the grading of secure systems with other countries and evolve a "Common Criteria." In general, the board groused about the fact that the public and industry have never been invited to give comments during the process. The summary of this talk is: "We might be able to tell you something someday."
`other countries'? `Common Criteria'? holy cow, this is something *very big* in the works. The U.S. can barely figure out its *own* cryptographic policies, and imagine the sheer logistical nightmare of trying to come to an agreement between the most isolated and imperious agencies!
It's a shame you understand so little of this. The "Federal Criteria" they're discussing are the Trusted Computer Security Evaluation Criteria, or TCSEC. This is also called the "Orange Book", since it was published in an orange cover. It's a purely-US DOD document that defines various levels of computer security - you remember, C2, B1, B3, all that stuff. It talks about Mandatory Access Controls, Discretionary Access Controls, Auditing, Authentication, etc. Cryptography as such is not addressed by the TCSEC. I believe the TCSEC discusses cryptographic authentication techniques in an abstract manner, but not even to the degree of naming any. The UK and other European countries have their equivalent to the TCSEC. The security levels have different names, and the included features differ slightly. The EC recognized that this difference in nomenclature and definitions would act as a barrier to free trade, so they began a program to harmonize these definitions. The "Common Criteria" would take this EC stuff beyond Europe into the US, allowing vendors of secure systems to get them rated once and sell them in a bunch of countries instead of building country-specific secure systems as they are required to do today. Another aspect of the Common Criteria is that they are expected to be a little more commercial in focus. The TCSEC and its counterparts were generally developed by the Defense organizations within their respective countries of origin; the focus of control and security reflects the needs of the developing organizations. Commercial users have been complaining for years that the TCSEC et al don't meet their needs in a useful and flexible manner; one desired goal for the Common Criteria is to meet this need. Cryptography is almost completely unrelated to the actual criteria themselves. Cryptography is one possible implementation mechanism for several of the capabilities required by the TCSEC and its successors; it is not the only such mechanism. 
The TCSEC does not prescribe or proscribe implementation technology.
I suspect GCHQ (Britain's NSA) would be involved in this at least. (There is a very cozy relationship between NSA and GCHQ that Kahn was harassed for revealing in _CodeBreakers_.) What other agencies?
The TCSEC and Common Criteria are really being developed by various Defense agencies; in the US, NIST is also involved, as I suppose DIN, BSI, AFNOR, etc. are. NSA is uninterested in making systems secure; their job is to break them anyway. Since the TCSEC doesn't specify mechanism, it's at too abstract a level for NSA to tamper with. There are no boogie men from the Spy House involved here, at least in the US. You can sleep well again.
Jason Zions
The TCSEC and Common Criteria are really being developed by various Defense agencies; in the US, NIST is also involved, as I suppose DIN, BSI, AFNOR, etc. are. NSA is uninterested in making systems secure; their job is to break them anyway. Since the TCSEC doesn't specify mechanism, it's at too abstract a level for NSA to tamper with.
There are no boogie men from the Spy House involved here, at least in the US. You can sleep well again.
I wouldn't exactly say that (although I doubt the NSA's involvement here is shady). The NCSC, which came out with the original Trusted Criterion (rainbow books including the orange book), is stationed at Fort Meade, MD (oddly enough right by NSA). If you get information sent to you from the NCSC, sometimes the return address will say NSA on it instead of NCSC. If you read through the schedule of any of the conferences they put on, you will see a good percentage of people with NSA next to their names. The NSA *does* have a lot of interests in trusted systems and making systems secure. They are the National *Security* Agency. While half of the people at the NSA are working on how to break other people's security, there is still a good fraction of them learning how to make their own systems safe.
Mr. Jason Zions <jazz@hal.com> posted a clarification on a misunderstanding that the Orange book has anything to do with cryptographic algorithms, pointing out that it deals only with higher level security issues. However, his strong claim that the NSA is not involved with these criteria whatsoever appears to be complete fantasy, as T. Newsham pointed out, also indicating that the NCSC (Nat'l Center for Security & Communications?) which ``came out with the original Trusted Criterion rainbow books including the orange book'' is apparently just another ugly NSA protrusion. In fact, I can remember people posting suggestions when I first joined the list (a seeming eternity ago) that the NCSC is *entirely* a front agency for the NSA, with no independent operation whatsoever--supposedly essentially nothing but a reception office and a secretary. I'm willing to accept that the Orange book doesn't specifically address cryptography, and I appreciate the clarifications on something that is one of the deepest, most complex, and most obscure military handbooks, which frankly I take some pride and relief in having very little knowledge of, but I'm writing to correct another serious error in the original post:
NSA is uninterested in making systems secure; their job is to break them anyway.
This is simply entirely incorrect. A *very* major aspect of the NSA function, ever since its inception, involves the *creation* of secure cryptographic algorithms and equipment. Skipjack is simply the first `commercial' version ever introduced of a cryptographic algorithm. They have supported virtually all branches of the U.S. military in the code-making function. They are directly responsible for most encryption schemes and devices used in military radio communication (tanks, airplanes, ships, etc.). I understand the NSA even sells cryptographic equipment to some countries (U.S. allies) making sure it can be intercepted and decrypted -- this from claims of one of the `defectors' of the agency, I believe. Bamford describes it all in _Puzzle_Palace_. In fact, I've often stated the following position on the NSA, which highlights its past dual role and future legitimate one: Since ``the cold war is over'', if they are to exist at all, they should focus their energy on something *constructive* like algorithm development and not something *destructive* like its sinister vacuum-cleaner intelligence slurping. Increasingly, the world is making the choice for them.