From: iw@all.net
Subject: IW Mailing List history/951201
---------------------------------------------
From: NSR@DGS.dgsys.com
Date: Fri,  1 Dec 95 17:33:38 PST

... I believe that the IW phenomenon is becoming a little overblown,
which is quite a feat because I also believe it is the most significant
development in the development of warfare since the shift from agrarian
to industrial tools for combat.

IW is simply a way to apply the evolving doctrine of warfare (primarily
maneuver and unconventional/low intensity theory) to an
information-based economy.  Unfortunately, most of the security
establishment sees IW as a way to preserve their existing, obsolete,
ways of doing things. 
---------------------------------------------
Moderator's note:

The issue of cryptography and key escrow systems may be core to the
soft-kill components of future IW.  For that reason, I have included the
following background piece.  Please note that France (as an example)
requires all keys for encrypted traffic to be provided to the government
prior to use.  A few exceptions to this were recently permitted (I seem
to recall).  Opinions are solicited from list members on the impact of
key escrow systems and strength of cryptography on the IW environment. 

---------------------------------------------

Nov. 6, 1995
Contact:  Anne Enright Shepherd (301) 975-4858 anne.shepherd@nist.gov

	Revised proposed export criteria for software encryption
products using a key escrow mechanism are now available for public
review.  Public comment will be solicited at a Dec.  5 meeting to be
held at the Commerce Department's National Institute of Standards and
Technology. 

	At a minimum, Government representatives are scheduled to attend
from the Office of Science and Technology Policy, National Security
Council, the U.S.  Department of State, the U.S.  Department of Justice,
the U.S.  Department of Commerce, the National Security Agency, and the
Federal Bureau of Investigation. 

The meeting will be held on Tuesday, December 5, 1995 from 9:00 a.m.  to
5:00 p.m.  at NIST in Gaithersburg, Maryland in the Red Auditorium of
the Administration Building.  Please register via e-mail (to
"elaine.frye@nist.gov") or via fax (301-948-1784) before November 30,
1995.  To register, please provide: 1) your name, 2) organization, 3)
postal address, 4) phone, 5) fax number and 6) e-mail address. 
Alternatively, walk-up registration will be available on-site the day of
the meeting. 
...

Draft Software Key Escrow Encryption Export Criteria
                   (11/95 version)

Export control jurisdiction for a software key escrow encryption product
that meets the following criteria, as determined by the U.S.  Department
of State after a one-time review, will be transferred to the U.S. 
Department of Commerce for export licensing.  These criteria do not
alter existing licensing practices applicable to other encryption
products or modes.  Vendors must still submit other encryption to the
U.S.  Department of State for review and export licensing, or
jurisdiction transfer as appropriate.  Vendors contemplating the
development of encryption products are encouraged to discuss their
export objectives with the U.S.  Government. 

Key Escrow Feature

1.  The key(s) required to decrypt the product's key escrow
cryptographic functions' ciphertext shall be accessible through a key
escrow feature. 

2.  The product's key escrow cryptographic functions shall be inoperable
until the key(s) is escrowed in accordance with #3. 

3.  The product's key escrow cryptographic functions' key(s) shall be
escrowed with escrow agent(s) certified by the U.S.  Government, or
certified by foreign governments with which the U.S.  Government has
formal agreements consistent with U.S.  law enforcement and national
security requirements. 

4.  The product's key escrow cryptographic functions' ciphertext shall
contain, in an accessible format and with a reasonable frequency, the
identity of the key escrow agent(s) and information sufficient for the
escrow agent(s) to identify the key(s) required to decrypt the
ciphertext. 

5.  The product's key escrow feature shall allow access to the key(s)
needed to decrypt the product's ciphertext regardless of whether the
product generated or received the ciphertext. 

6.  The product's key escrow feature shall allow for the recovery of
multiple decryption keys during the period of authorized access without
requiring repeated presentations of the access authorization to the key
escrow agent(s). 

Key Length Feature

7.  The product's key escrow cryptographic functions shall use an
unclassified encryption algorithm with a key length not to exceed
sixty-four (64) bits. 

8.  The product's key escrow cryptographic functions shall not provide
the feature of multiple encryption (e.g., triple- DES). 

Interoperability Feature

9.  The product's key escrow cryptographic functions shall interoperate
only with key escrow cryptographic functions in products that meet these
criteria, and shall not interoperate with the cryptographic functions of
a product whose key escrow encryption function has been altered,
bypassed, disabled, or otherwise rendered inoperative. 

Design, Implementation, and Operational Assurance

10.  The product shall be resistant to anything that could disable or
circumvent the attributes described in #1 through #9. 
---------------------------------------------
Date: Fri, 1 Dec 1995 21:06:19 -0500
From: jnepodal@mrj.com

Information Warfare has been with us ever since two people were at war. 
However, with the info explosion due to technical (i.e.  computer)
advances, a new "bit" driven dimension has been added, providing new
"targets" and "weapons". 
---------------------------------------------