>From the 02/02/99 web access list for www.softwar.net gatekeeper.eop.gov 10:27:46 /softb.html 10:28:36 /nist.html 10:29:11 /index.html 198.137.241.100 GOV.EOP = EXECUTIVE OFFICE OF THE PRESIDENT Once again, the White House has visited the Softwar web site. FYI - Pssst... for anonymous www browsing go to: http://www.anonymizer.com/ This time the White House seems to be interested in the FOIA documents obtained on the CLIPPER chip. Here is one of the documents at http://www.softwar.net/nist.html ================================================================= NASA LETTER REJECTING CLIPPER NASA National Aeronautics and Space Administration Washington D.C. 20546 JTD James H. Burrows, Director Computer Systems Laboratory Technology Building, Room B154 National Institute of Standards and Technology Gaithersburg, Maryland 20899 Dear Mr. Burrows: NASA has reviewed the proposed Federal Information Processing Standard (FIPS) for and Escrowed Encryption Standard (EES) and provides comments below. NASA does not support the adoption of the proposed FIPS for and EES. NASA understands the need to keep sensitive, unclassified information from those without a need to know, however the EES is not appropriate for use in the NASA environment. Many NASA organizations are currently utilizing Data Encryption Standard (DES) based devices for the telecommunication of sensitive unclassified data. NASA has identified several EES-related issues that need to be addressed. The significant issues are discussed below. 1. Devices using the EES (CAPSTONE and CLIPPER), which implement the classified SKIPJACK algorithm, must be programmed. The chip programmer is a device provided by the National Security Agency (NSA). There is no assurance, without scrutiny, that all keying material introduced during the chip programming is not already available to the NSA. Thus, not only do the key escrow agents have a decryption capability,the NSA also retains this capability. As long as the programming devices are controlled by the NSA, there is no way to prevent the NSA from routinely monitoring all SKIPJACK encrypted traffic. Moreover, compromise of the NSA keys, such as in the Walker case, could compromise the entire EES system. 2. Users with criminal intent who are smart enough to use encryption will employ their own algorithms, thereby defeating EES devices. Should EES devices be mandated under law, these users will still encrypt the information feeding into the EES devices, thereby defeating EES. 3. Commercial and international use issues must be resolved in order for there to be value to the government. If the EES is not adopted by non-government organizations, Federal agencies will be impacted by a significant cost and inefficiency factors. This is particularly true of government agencies with many non-government customers and suppliers. 4. Implementation of this standard would result in a significant, adverse impact to NASA. The Headquarters Computer Network, other local area networks, and many computers that are not TEMPEST-rated would have to be modified or replaced at considerable cost. NASA would no be able to use the Internet or any other network that did not use the same encryption method and the same encryption key. EES devices offer no significant benefit to NASA over existing DES-base devices and their implementation would adversely impact many NASA organizations. Therefore, NASA does not concur with the adoption of the proposed FIPS for an EES. Benita A. Cooper Associate Administrator for Management Systems and Facilities ================================================================ 1 if by land, 2 if by sea. Paul Revere - encryption 1775 Charles R. Smith SOFTWAR http://www.softwar.net [EMAIL PROTECTED] Pcyphered SIGNATURE: Pcyphered SIGNATURE: EF4F4E758A0DB653D570B36A141A18ABB52EA02D3B35F41EAB666C59F4DA23DE 5469A2BBA1641293222B2759FD508D0B4525E69022094DF0F0C594E6828CE800 82798890AFBB6488 ================================================================ SOFTWAR EMAIL NEWSLETTER 02/02/99 *** to unsubscribe reply with "unsubscribe" as subject *** ================================================================
