December 27, 1996
See memorandum setting up KMI program.
URL: http://csrc.nist.gov/tacdfipsfkmi/
The Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure was recently established by the Department of Commerce. The Committee, which was formally chartered on July 24, 1996, held its first meeting on December 5-6, 1996.
| Date | Location |
|---|---|
| February 19-20, 1997 | San Francisco area, exact venue TBD |
| April 23-24, 1997 | TBD |
| June 18-19, 1997 | TBD |
| August 27-28, 1997 | TBD |
| October 15-16, 1997 | TBD |
| December 17-18, 1997 | TBD |
U.S. DEPARTMENT OF COMMERCE
CHARTER OF THE
TECHNICAL ADVISORY COMMITTEE TO DEVELOP A FEDERAL INFORMATION
PROCESSING STANDARD FOR THE FEDERAL KEY MANAGEMENT INFRASTRUCTURE
ESTABLISHMENT:
In accordance with the Federal Advisory Committee Act (5 U.S.C. app.2),
the Secretary of Commerce hereby establishes the Technical Advisory
Committee to develop a Federal Information Processing Standard for the
Federal Key Management Infrastructure. The Committee is being
established in the public interest in connection with duties imposed on
the Department of Commerce by P.L. 104-106.
OBJECTIVE AND DUTIES:
1. The Committee shall make technical recommendations regarding the
development of a draft Federal Information Processing Standard (FIPS)
for the Federal Key Management Infrastructure.
2. The Committee will function solely as an advisory body, in
accordance with the provisions of the Federal Advisory Committee Act.
MEMBERS AND CHAIRPERSONS:
1. The Secretary of Commerce shall appoint the members of the
Committee. Members shall be selected solely on the basis of
established technical expertise in cryptography and the implementation
and use of cryptographic systems. Employees of the Federal Government
may serve as members of the Committee.
2. The membership of the Committee shall consist of no more than
twenty-four members. The term of office of each member of the Committee
shall be two years, except that vacancy appointments shall be for the
remainder of the unexpired term of the vacancy.
3. Any person who has completed two consecutive full terms of service
on the Committee shall be ineligible for appointment for a third term
during the one year period following the expiration of the second
term.
4. The Committee chairperson shall be appointed by the Secretary of
Commerce.
ADMINISTRATIVE PROVISIONS:
1. The Committee shall report to the Secretary of Commerce. NIST shall
provide staff support for the Committee.
2. The Committee will meet at least quarterly at the call of the
chairperson, except that additional meetings may be called whenever
one-third of the members so request in writing.
3. Members of the Committee will not be compensated for their services,
but will, upon request, be allowed travel expenses in accordance with 5
U.S.C. 5701 et seq., while attending meetings of the Committee or of
its subcommittees, or while otherwise performing duties at the request
of the chairperson, while away from their homes or a regular place of
business.
4. The annual cost of operating the Committee is estimated at $120K and
1.5 work years of staff support.
5. The Committee shall not act in the absence of a quorum, which shall
consist of a majority of members of the Committee.
6. The Committee may establish such committees and subcommittees of its
members as may be necessary, subject to provisions of the Federal
Advisory Committee Act and the Department of Commerce Committee
Management Handbook.
DURATION:
This charter shall terminate two years from the date below unless
earlier terminated or renewed by proper authority by appropriate
action.
JUL 24 1996 R. G. Kammer /s/
____________________ ___________________________
Date Acting Chief Financial Officer
and Assistant Secretary for
Administration
Published 7-8-96 in the Federal Register, Volume 61, Number 131 U.S. DEPARTMENT OF COMMERCE Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure In accordance with the provisions of the Federal Advisory Committee Act, 5 U.S.C. App. 2, and the General Services Administration (GSA) rule on Federal Advisory Committee Management, 41 CFR Part 101-6, and after consultation with GSA, the Secretary of Commerce has determined that the establishment of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure is in the public interest in connection with the performance of duties imposed upon the Department by law. The Committee will advise the Secretary on the development of a draft Federal Information Processing Standard for the Federal Key Management Infrastructure. The Committee will consist of no more than twenty-four members to be appointed by the Secretary to assure balanced representation among individuals with established expertise in cryptography and the implementation and use of cryptographic systems. The Committee will function solely as an advisory body, and in compliance with provisions of the Federal Advisory Committee Act. The charter will be filed under the Act, fifteen days from the date of publication of this notice. Interested parties are invited to submit comments regarding the establishment of this committee to Edward Roback, Computer Security, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone: 301-975-3696. Dated: June 27, 1996 Mark Bohannon Chief Counsel for the the Technology Administration [FR Doc. 96-16896, Filed 7-5-96; 8:45 a.m.]
First Meeting Announced The following notice appeared in the Federal Register on 11-19-96: --- U.S. Department of Commerce Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure Agency: Technology Administration, Commerce Action: Notice of open meeting. Summary: Pursuant to the Federal Advisory Committee Act, 5 U.S.C. App., notice is hereby given that the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure will meet on December 5 and 6, 1996. The Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure was established by the Secretary of Commerce to provide industry advice to the Department on cryptographic key recovery in the Federal Key Management Infrastructure. All sessions will be open to the public. Dates: The meeting will be held on December 5 and 6. On December 5th, the meeting will take place from 11:00 a.m. to 6:00 p.m. On December 6th the meeting will take pace from 8:30 a.m. to 6:00 p.m. Address: The meeting will take place at the Sheraton Grand Hotel at Dallas/Ft. Worth Airport [Highway 114 & Esters Boulevard], 4440 W. John Carpenter Freeway, Irving, Texas. For further information contact: Edward Roback, Computer Specialist, Computer Security Division, National Institute of Standards and Technology, Building 820, Room 426, Gaithersburg, Maryland, 20899; telephone 301-975-3696. Supplementary Information: 1. Agenda: Opening Remarks Chairperson's Remarks Review of Committee Tasking Review of Rules Regarding Committee Operations Introduction/Perspectives of Committee Members & Organizations Technology Briefings News Updates Workplan Development Discussion of Assignments Public Participation Plans for Next Meeting Closing Remarks Note that the items in this agenda are tentative and subject to change due to logistics and speaker availability. 2. Public Participation: The Committee meeting will include a period of time, not to exceed thirty minutes, for oral comments from the public. Each speaker will be limited to five minutes. Members of the public who are interested in speaking are asked to contact the individual identified in the "for further information" section. In addition, written statements are invited and may be submitted to the Committee at any time. Written comments should be directed to the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure, Building 820, Room 426, National Institute of Standards and Technology, Gaithersburg, Maryland, 20899. It would be appreciated if thirty five copies could be submitted for distribution to the Committee. 3. Additional information regarding the Committee [is available] at its world wide web homepage at: http://csrc.nist.gov/tacdfipsfkmi/ . When Committee appointments are announced, they will made available via the homepage. 4. Should this meeting be canceled, a notice to that effect will be published in the Federal Register and a similar notice placed on the Committee's homepage. Dated: November 13, 1996 Signed: /s/ Mark Bohannon Chief Counsel for Technology Administration
Agenda Meeting of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure December 5-6, 1996 Sheraton Grand Hotel at Dallas/Ft. Worth Airport Dallas, Texas Note: All portions of Committee meetings will be open. Thursday, December 5, 1996 11:00 Welcome, Agenda Overview, Initial Introductions Executive Secretary Edward Roback 11:10 Chairperson's Remarks Stephen Kent 11:15 Opening Address Under Secretary of Commerce for Technology, Mary L. Good 11:35 Discussion and Member Introductions / Perspectives (Part I) 12:30 Lunch (on own) 2:00 Member Introductions / Perspectives (Part II) 3:45 Break / Recess of Formal Meeting 4:00 Information Briefing: Ethics and Federal Advisory Committee Act Office of the General Counsel, U.S. Department of Commerce David Maggi Friday, December 6, 1996 Resume Formal Meeting 9:00 Member Introductions / Perspectives (Part III) (as necessary) 10:15 Break 10:45 Information Briefing: Federal Key Recovery Pilots Patricia Edfors 11:45 Framing Issues for Discussion Stephen Kent 12:00 Lunch (on own) 1:30 Logistics & Timing: Future Meetings Discussion of Agenda for Next Meeting 1:45 Development of Workplan, Work Groups, etc. 3:15 Break 3:30 Public Participation (5 min. max per speaker; sign up in advance with Secretary) 4:00 Open 5:00 Adjourn
Membership List (as of 12/6/96) Chairperson: Dr. Stephen Kent, BBN Systems Members: Mr. Joe Alexander, Sun Microsystems Federal, Inc. Dr. Josh Benaloh, Microsoft Corp. Mr. Walter Boland, GlobalKey, Inc. Dr. Ernest Brickell, CertCo Mr. Thomas Cahill, Chase Manhattan Bank Mr. David Carman, Trusted Information Systems, Inc. Dr. Santosh Chokhani, CygnaCom Solutions Dr. Dorothy Denning, Georgetown University Dr. John Edwards, Digicom, Inc. Mr. Garland Ellis, Sr., Intel Corp. Dr. Mark Etzel, Lucent Technologies Mr. William Franklin, AT&T Mr. Roger French, Digital Equipment Corp. Mr. Richard Hite, Visa International Mr. Russell Housely, Spyrus, Inc. Mr. Ken Konechy, Rainbow Technologies Dr. Michael Markowitz, Information Security Corp. Dr. Stephen Matyas, IBM Corp. Mr. Joseph Pato, Hewlett-Packard Corp. Mr. Donald Rothwell, Motorola Note that appointments of three additional individuals are pending. Executive Secretary: Mr. Edward Roback, NIST
*Draft Charge Statement* Note that this draft was also distributed at the first meeting on December 5-6, 1996. Draft (9/1/96) Charge to the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure Use of strong cryptography on a widespread basis in the GII requires a supporting infrastructure, including the provision of many services (e.g, authentication, trusted notary, etc.) One important service is key recovery (for keys used for confidentiality). This will help protest users when keys are lost or destroyed, and also assist law enforcement decrypt information under lawful circumstances. To facilitate provision of key recovery services for its own use, the government needs a Federal Information Processing Standard. The standard must be developed by working with those who produce and use cryptographic technologies in the private sector. The Advisory Committee, which will be comprised primarily of private sector individuals, will be an important vehicle by which the government gains the benefit of private sector input in developing this standard. To a certain extent, the committee resembles the standards development committees utilized by the private sector; however, it is intended that this Committee provide technical recommendations to the Secretary of Commerce on the development of a standard. When completed, the standard will enable key recovery services for use within the government which are compatible with private sector activities. The Advisory Committee's work will gain from the experiences of the key management infrastructure pilot projects, including key recovery services, underway within the government, which can provide useful input and real-world experiences for the committee. The Committee's work will take place concurrently with (and not supplant) many ongoing private and public sector activities, such as those in the area of public key infrastructure. When adopted, the standard will be available to the public and private sector (on a voluntary basis) for providing key recovery services. What is the exact task of the Committee? The Committee's assignment, as discussed in the charter, is to make technical recommendations regarding the development of a draft FIPS for Cryptographic Escrow Systems which could be incorporated into a Federal Key Management Infrastructure. The Committee will focus on the data recovery services of the Federal Key Management Infrastructure for both stored and communicated information. Consequently, the work assignments of the Committee are as follows: - Developing recommended recovery system requirements (for confidentiality keys/plaintext, not keys used only for digital signature); - Drafting specifications or protocols for: -- registration and re-registration of encryption keys (could be for user keys, organization keys, master keys, session keys, time period keys, etc.); -- recovery of encryption-related keys and/or other information necessary for decryption for law enforcement access; and -- use of more than one TTP for split-key storage. - Recommending validation/certification requirements for recovery systems, escrow entities, and products. Pending successful completion of these tasks, additional related tasks, consistent with the Committee's charter, may be requested of the Committee by the Secretary of Commerce. What is outside the scope of the Committee's activities? Activities of federal advisory committees, including the TACDFIPSFKMI, must be consistent with their charter. The TACDFIPSFKMI charter specifies that "[t]he Committee shall make technical recommendations regarding the development of a draft Federal Information Processing Standard (FIPS) for the Federal Key Management Infrastructure." Some of the specific issues outside the scope of the Committee's charter include, but are not limited to: encryption export controls, federal policy on encryption and key recovery, the need for legislation or proposed legislation, access requirements of law enforcement, liability issues, non-key recovery related aspects of the Public Key Infrastructure, and the ability to limit third party disclosures. The Committee, however, may have to be have a working knowledge of some of these topics. It is the responsibility of the Designated Federal Official assigned to the Committee to assure that the Committee acts within the limits of its charter and the law. How will Committee recommendations be used? Recommendations made by the Committee will be considered by NIST in formulating a draft FIPS which will be announced in the Federal Register for public review and comment. Once comments are received and analyzed, the draft FIPS is modified as appropriate and forwarded to the Secretary of Commerce for approval. FIPS apply to federal organizations, and may be utilized by those outside the Federal government on a voluntary basis. Within the government, FIPS may be either mandatory or advisory, as determined by the Secretary of Commerce. Will Government representatives be on the Committee? Since the purpose of the Committee is to provide the Government with industry suggestions for meeting Government's key recovery requirements, Government officials will not be official voting members of the Committee. Instead, a limited number of adjunct seats (e.g., 5-7, above and beyond the Committee's maximum size of 24 members) will be available for government technical experts to interact with the Committee during its meetings, explain government requirements, answer pertinent questions and offer explanations of its experiences with key recovery systems.
Note: see papers on key management presented at the National Information Systems Security Conference, October, 1996.