Date: 23 Aug 1995 10:47:46 -0400 From: nobody@replay.com (Anonymous) Subject: Upcoming Key Escrow Meetings August 22, 1995 MEMORANDUM From: Ed Roback, NIST Subject: Upcoming Key Escrow Meetings Attached for your information are notices of two upcoming key escrow-related meetings. The first, to be held on September 6-7 at NIST will focus on two principal topics: 1) discussion of finalizing the criteria for the exportability of software key escrow encryption with 64-bit key space; and 2) the desirable characteristics for key escrow agents. The second will be held on September 15 at the Gaithersburg Hilton and will focus on the development of Federal Information Processing Standards for key escrow encryption, specifically to include software implementations. You are invited to attend one or both meetings and, if you so choose, to speak at these meetings. I hope to have sufficient time for discussion, and therefore encourage presentations to be clearly focused on the topic at hand. If you wish to attend, please notify me [sic] secretary, Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov. Also, please let her know if you would like to make a presentation with your recommendations on either topic, or propose an additional topic. If you have any additional questions or suggestions, please feel free to contact me on 301-975-3696. Attachments (2) ---------------------------- Meeting Announcement: Key Escrow Issues The Commerce Department's National Institute of Standards and Technology invites industry representatives and other interested parties to a meeting on September 6 and 7, to discuss issues related to key escrow encryption. While not limited, two principal agenda items for discussion will be: 1) developing the criteria for software key escrow encryption exportability and 2) the desirable characteristics for U.S. key escrow agents. Industry has asked the government for criteria for the export of software key escrow encryption. Rather than simply publishing criteria, however, the Administration desires consultations with industry in preparing final criteria for publication. This session of the meeting will begin with a presentation of the government's perspective of the desirable criteria, followed by a chance for other participants to offer their thoughts on this issue as well as reaction to the federal perspective. Under acceptable criteria, the government is willing to allow for the export of strong cryptography (e.g., DES) when coupled with a key escrow mechanism. It is anticipated that this would be coupled with a one-time product review (e.g., as is the case for RC2/RC4 products) by the Department of State. Following such approval, the Department of Commerce would administer export regulations. The second session of the meeting will address the desirable characteristics of acceptable U.S. escrow agents. Clearly, if export of key escrow encryption products will be allowed, the cryptographic keys must be stored with some entity. This session will address the criteria for the approval of such organizations. It may also discuss what sort of legal protections, if any, may be necessary to provide, for example, against unauthorized release of encryption keys. Follow-up meetings to both issues may be necessary. Other related topics may be included, time permitting. Note that a separate meeting has been scheduled for 9/15/95 to discuss the development of federal standards for key escrow encryption. Government representatives will attend from the Office of Science and Technology Policy, the Department of State, the Department of Justice, the Department of Commerce, the National Security Agency, and the Federal Bureau of Investigation. If you would like to make a presentation with your recommendations on either topic, or propose an additional topic, please contact Ed Roback at NIST on 301-975-3696. Presentations may be limited in length to accommodate all speakers. The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov. The meeting will be held at the NIST in Gaithersburg, Maryland. 8/17/95 --------------------------- Workshop Announcement: Developing Federal Key Escrow Standards On September 15, 1995, the Commerce Department's National Institute of Standards and Technology will hold an exploratory workshop on developing Federal Information Processing Standards (FIPS) for key escrow encryption, specifically to include software implementations. This effort is being initiated to further the Administration's commitment to federal use of key escrow encryption. Industry representatives and other interested parties are invited to the workshop to provide their perspectives on the desirable characteristics of key escrow encryption standards to NIST and other federal officials. Government representatives also will present their objectives and preliminary approach to this standards development process. Discussion will also include proposals for follow-on activities. For discussion purposes, one initial option for this standards activity may be to create a generic key escrow encryption standard containing criteria for federal use of key escrow techniques implemented in either software or hardware. This high-level standard could then be supplemented with lists of validated key escrow techniques. (Currently FIPS 185, "Escrowed Encryption Standard," a hardware-based standard, is the only FIPS-approved key escrow technique.) Guidance would also be needed to guide selection of appropriate key escrow techniques for particular applications. Key escrowing will be used by federal agencies (and others, if they so choose) in conjunction with FIPS-approved encryption techniques. Development and implementation of such standards are necessary to guide federal agencies in effectively and securely implementing key escrow encryption. If you would like to make a presentation with your recommendations for the development of federal key escrow standards, please contact Ed Roback at NIST on 301-975-3696. Presentations may be limited in length to accommodate all speakers. The meeting is open to the public, although seating is limited to approximately 100 individuals. Advance registration is requested; please call Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov to register. The meeting will be held at Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, Maryland. 8/17/95 --