On Jan 26, 2009, at 2:49 AM, Ivan Krstić wrote:
[A]ny idea why the Sectéra is certified up to Top Secret for voice
but only up to Secret for e-mail? (That is, what are the differing
requirements?)
I have no information, but a guess: Phone conversation encryption, at
all levels, has been around for many years. Email is a relative
newcomer. Further, the problem for voice is inherently simpler: A
conversation is transient. It's not expected to be recorded, and I'm
sure the devices are designed to make recording a conversation
difficult even for someone with full access to the phone. So you're
dealing with establishing a secure session, with nothing left after
the fact. If you're talking email, on the other hand, you're
inherently dealing with information at rest. That changes the whole
game, introducing issues of key management, maintenance of security
level of time - a conversation once completed is gone, so the question
of how to declassify it or move it to another compartment or whatever
cannot arise - how to deal with forwarding, and so on. All of this is
inherent in a usable email system. An email system for the White
House has the additional complication of the Presidential Records
Act: Phone conversations don't have to be recorded, but mail messages
do (and have to remain accessible).
It makes one wonder if this is a Sectéra limitation, a Sectéra-for-
the-President limitation, or whether there is no Top Secret email
infrastructure at all....
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
