Key Escrow Workshop agenda & discussion paper 3 September 1, 1995 Dear Participant: Thank you for agreeing to participate in the two-day meeting on software key escrow encryption. We are anxious to work with you and other industry representatives to facilitate development of exportable key escrow encryption in software products. I look forward to the workshop being an important step in that process. I have attached a draft agenda for the two days. I propose that we spend the majority of our time discussing a set of export criteria. In order to move that discussion along, a draft set of criteria is attached. The criteria state, in general terms, the government's needs with respect to exportable software, consistent with its law enforcement and national security requirements. Since it is important that the final criteria be clear, straightforward, consistent, and implementable, Mike Nelson of the Office of Science and Technology Policy will spend a few minutes describing these criteria on the first morning of the meeting. After that, we would like to hear your perspectives on them and work with you to refine them. On the second day, we plan to discuss the export licensing process for such products, and begin exploring characteristics of acceptable key escrow agents. Again, thank you for your participation. I look forward to seeing you there. Sincerely, / s / Raymond G. Kammer Deputy Director Attachments -------------------------------------------------------- TENTATIVE AGENDA Key Escrow Issues Meeting September 6-7, 1995 National Institute of Standards and Technology Gaithersburg, Maryland Wednesday, September 6, 1995 9:00 Welcome, Agenda Overview, Logistics Ed Roback, NIST 9:10 Review of Meeting Goals Ray Kammer, NIST Deputy Director Session I -- Software Key Escrow Exportability Criteria 9:20 Briefing -- Discussion Draft of Software Key Escrow Export Criteria Michael Nelson, Office of Science and Technology Policy 10:00 Industry Perspectives on Exportability Criteria (Industry briefings/reactions 5-10 minutes max.) 10:45 Break 11:00 Industry Perspectives on Exportability Criteria, continued. 11:45 Discussion of Breakout Session Tasks At registration, you will be asked to sign up for a breakout session. Groups A1, A2: Criterion #2 Groups B1, B2: Criteria #3, 4, 9 Groups C1, C2: Criteria #5, 6 Groups D1, D2: Criteria #7, 8 Criterion #10 is the subject of Session II, and criterion #1 (64-bit) is straight-forward. Breakout room assignments will be announced at this time. 12:00 Lunch (on own, cafeteria available) 1:00 Breakout session #1 Groups will be asked to: 1) determine whether each criterion is clear and, if not, propose appropriate modifications; 2) identify issues (which may arise from the criteria assigned to the group) which need to be addressed, and by whom; and 3) develop technical ideas/approaches for achieving each criterion. 3:00 Break 3:15 Plenary -- Reports from Breakout Session #1 4:00 Breakout Session #2 Participants will be asked to select either a technical or criteria-focused group. Technical groups are asked to: 1) synthesize the proposed technical approaches (just presented in plenary) and identify/discuss the most promising approaches. Criteria focused groups are asked to: 1) look at all criteria and the comments/issues raised and propose ways to reconcile any differences; and 2) prioritize the issues that remain to be addressed, if any, for each criterion. 5:00 End of day Thursday, September 7, 1995 9:00 Plenary -- Reports from Breakout Session #2 9:45 Export Licensing Process Randy Williams, U.S. Dept. of Commerce Dan Cook, U.S. Dept. of State 10:15 Questions / Discussion 10:30 Break Session II -- Desirable Characteristics for Key Escrow Agents 10:45 Panel: Government Perspectives on Key Escrow Agent Issues Geoff Greiveldinger, U.S. Dept. of Justice Ray Kammer, NIST Penny Brummitt, NSA 11:30 Industry Perspectives on K.E. Agent Issues 12:30 Lunch (on own, cafeteria available) 1:30 Breakout Session #3 Each group is asked to identify proposed key criteria for desirable escrow agents. Same groups and room assignments as Breakout session #1. 2:45 Break 3:00 Plenary - Report of Breakout Sessions Session III -- Other Related Issues 3:30 Other Issues This is an opportunity for participants to raise related key escrow issues. 4:30 Follow-up Issues & Wrap-up 4:45 Adjourn Note: The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov. _ _ _ 9/1/95 -------------------------------------------------------- Key Escrow Issues Meeting, September 6-7, 1995 Discussion Paper #3 Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption As discussed at the SPA/AEA meeting on August 17, 1995, the Administration is willing to allow the export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. On the same date, the September 6-7 key escrow issues meeting at NIST was also announced. The two principal topics at the meeting will be: discussion of issues of exportability of 64-bit software key escrow encryption and 2) desirable characteristics for key escrow agents. In order to help make most productive use of the limited time available at the upcoming meeting and to better focus deliberation, the following criteria are being distributed for discussion purposes. Since it is important that final criteria be clear, straightforward, consistent, and implementable, please review these draft criteria and be prepared to discuss how they may be refined and made more specific. Draft Export Criteria for Software Key Escrow Encryption Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption. 1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits. 2. The product shall be designed to prevent multiple encryption (e.g., triple-DES). 3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10. If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10. 4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message. 5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block). 6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled. 7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information. 8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access. 9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10. 10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements. Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations. - - - Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents. Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov. 9/1/95