Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board
Harry identified several names on the CLIPPER list, including:
mcnulty@ecf = F. Lynn McNulty, an associate director for computer security at the National Institute of Standards and Technology's Computer Systems Laboratory
At this Fall's National Computer Security Conference, Mr. McNulty was a speaker on the NIST's digital signature session. They talked about both the non-RSA DSS, and use of Certifying Authorities with an RSA-based scheme.

At that same conference, I gave a paper on security that described a fishnet of trust between systems. This was written in February 92, well before I read Phil's "web of trust" from the PGP docs, which I read sometime over the summer.

During the Q&A, I asked Mr. McNulty to compare the advantages and disadvantages of a hierarchical CA approach to an interlocking fishnet/web of trust. I hoped he would at least recognize that any hierarchy has problems from the top down if an upper level is compromised. Instead, he could not address any differences. I believe that working in the government has made the hierarchy seem to be the only implementation that he envisioned. He fobbed the question off to one of his technical underlings, but he, too, was unable to answer it (or even coherently address it).

I believed then (and still do) that the closed-loop process used by NIST and the TLAs has caused them to overlook a number of promising alternatives. This means that we crypto-privacy advocates must start an education effort.

Pat
Pat Farrell