Interesting People mailing list archives

FYI: Re: Re Dorothy Denning's knock on the Sobel DSS summary


From: Dave Farber <farber () central cis upenn edu>
Date: Wed, 19 May 1993 19:05:38 -0500



------ Forwarded Message
Posted-Date: Wed, 19 May 93 12:47:52 -0700
Date: Wed, 19 May 93 12:47:52 -0700
From: godsdog () netcom com (Mitch Ratcliffe)
Message-Id: <9305191947.AA00359 () netcom3 netcom com>
To: farber () central cis upenn edu
Subject: Re: Re Dorothy Denning's knock on the Sobel DSS summary

Dave -- I'd just like to point out that Dorothy's comments on David Sobel's
summary of the DSS controversy are way off base. In no sense was NIST doing
things in a standard way. At first, they claimed to have developed the DSS.
MacWEEK reported in November 1991 that the NSA had admitted it developed the 
Digital Signature Algorithm used in the DSS. A flurry of letters complaining
that the public comment period was inappropriately short, especially in light 
of the inaccurate description of the algorithm's origin, forced NIST to extend
the comment period. The records of the DSS development are still incomplete,
despite CPSR's success with its FOIA request. No one outside the government is
convinced the DSS is as robust as RSA. If the NIST documents acquired by CPSR
are any indication, few inside the government believe DSS is as secure as RSA.

Now that the DSS is being folded into the Clipper and Capstone chips, there is
all the more reason for concern that all the technical information about the 
DSS is not available. My sources in the industry said the NSA is taking a new
approach, an "openness" cited by several folks and that's been apparent to me
when calling Fort Meade. By offering the DSS/Clipper/Capstone in the free
market the NSA may finally have turned the corner on public relations and come
to understand the power of providing information. Not that this means they'll
deliver the specs on the Skipjack algorithm -- rather, they may have grasped
the computer industry's tactic of flooding the market with irrelevancies which
create a sense of urgency. Now, the hardware and software vendors will be faced
with choosing between greed, as it will be rewarded by the Feds if the industry
adopts Clipper/Capstone, and principles of freedom of expression, privacy and
public debate, which cannot be quantified.

I can see it now: Apple and Microsoft will be guaranteed hundreds of millions
in handheld computer sales -- if they standardize on Capstone security. They'll
turn to the user community and say, "We've received more cooperation and
information than we could ever have expected from the NSA in days of yore. We
are satisfied that the NSA is earnest in its wish to help us provide users
with absolute security." The new openness is a smart marketing move on the NSA's
part; it places privacy advocates in the position of having to battle against
largely irrelevant information.

Mitch Ratcliffe

------ End of Forwarded Message

