The following came from a government source. I thought it might be of interest. Bob -------------------------------------------------------------------------- At yesterdays FNC (Federal Networking Council) meeting it was mentioned in passing that NSA has given Netscape a grant of $5 Million (yes $5M) to beef up the security features of Netscape. More info will be forthcoming on this.
"beef up". "Yeah, Skipjack is much more secure than RC4-40..."
The following came from a government source. I thought it might be of interest. Bob --------------------------------------------------------------------------
At yesterdays FNC (Federal Networking Council) meeting it was mentioned in passing that NSA has given Netscape a grant of $5 Million (yes $5M) to beef up the security features of Netscape. More info will be forthcoming on this.
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
// At yesterdays FNC (Federal Networking Council) meeting it was // mentioned in passing that NSA has given Netscape a grant of $5 Million // (yes $5M) to beef up the security features of Netscape. More info will // be forthcoming on this. This isn't all that surprising. The NSA likes Fortezza, and Netscape has announced that they will be supporting Fortezza based authentication. This was first made public in the SSL v3 draft circulated many months ago. FORTEZZA support is virtually required for any sort of new network authentication within the US DoD. The DoD pie is rather large, and I don't blame Netscape for trying to get a piece of it. One can support FORTEZZA without giving in to GAK for non-FORTEZZA users. -- david d `zoo' zuhn --- secure computing corporation zuhn@sctc.com
Bob Bruen writes: # At yesterdays FNC (Federal Networking Council) meeting it was # mentioned in passing that NSA has given Netscape a grant of $5 Million # (yes $5M) to beef up the security features of Netscape. More info will # be forthcoming on this. david d `zoo' zuhn writes:
FORTEZZA support is virtually required for any sort of new network authentication within the US DoD.
The DoD pie is rather large, and I don't blame Netscape for trying to get a piece of it. One can support FORTEZZA without giving in to GAK for non-FORTEZZA users.
For the moment I am inclined to agree that there's nothing terribly sinister about this. I've just been flipping through <a href="http://www.fnc.gov/fisp_sec_contents.html">the FNC's draft Federal Internet Security Plan (FISP)</a>. In particular it mentions: ------------ 4.2 Internet Security Technology Development The IETF and other activities are currently expanding their efforts to develop and deploy technology standards to meet the growing security needs of the Internet. However, these efforts must be accelerated and facilitated by Government, since the Government has as much, if not more, interest in increasing the level of security capability in the Internet as does any other segment of society. [...] Enhance Internet Application Security A number of key Internet applications have become central to agencies' increasing Internet activities. Such key applications should be examined and, where appropriate, strengthened to the extent possible. Among the applications that require high-priority attention are the following: [...] Public Information Servers - Second only to email is the expanding use of Internet-based public information server methods, most visibly the World Wide Web and the associated Mosaic/Linx client applications. Unfortunately, there are a number of known security vulnerabilities associated with the use of these applications. ---------------- I definitely do _not_ get a sense from anything in this document that installing GAK mechanisms is a major concern of the project. The NSA appears to have a few people involved with the FNC, but not a great visible presence. -Futplex <futplex@pseudonym.com>
Bob Bruen, MIT Lab for Nuclear Science wrote:
The following came from a government source. I thought it might be of interest. Bob --------------------------------------------------------------------------
At yesterdays FNC (Federal Networking Council) meeting it was mentioned in passing that NSA has given Netscape a grant of $5 Million (yes $5M) to beef up the security features of Netscape. More info will be forthcoming on this.
This is not strictly true. The NSA has given us a contract to add support for Fortezza to some of our products, including servers and navigators. The amount was less than $5M, but I'm not sure that I should say how much it was. One of the things we hope to get out of this work is an architecture for our products that allows us to easily support other crypto hardware, including devices that don't use Secret algorithms, and don't require key-escrow. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (5)
-
Bob Bruen, MIT Lab for Nuclear Science -
futplex@pseudonym.com -
Jeff Weinstein -
sameer -
zuhn@sctc.com