I (David Lesher) attended the NIST Key Escrow conference this week. Here are my impressions.

In theory, NSA/NIST scheduled it to seek consensus from industry on how to set up a Gov't Access to Keys (hereafter GAK) program they'd be happy with. The bait was, NSA would allow export of same.

The rub was, NSA attempted to set all the ground rules before starting. They had ten conditions any proposal had to meet. (http://www.eskimo.com/~joelm/criteria.txt) With the rules available on-line, I'll not duplicate them all. But #1 is roughly: unclassified algorithm NTE 64 bits, and #10: only key agents sanctioned by USG. Sanctioning by formal agreements "consistent with US law enforcement and National Security requirements."

The conference was attended by I'd guess 150 Industry Bigwigs. LOTS of expensive suits ;-}. There were also more declared NSA types than I'd ever seen before anywhere outside the Fort.

Specific names I saw: (and no, I can't spell...)

    Whit Diffie of Sun
    D. Denning
    Stuart Baker, late of NSA
    Lance Hoffman of GWU
    Carl Ellison of TIS
    Edward Scheidt of TECSEC

It opened with speeches by Ed Roback & Ray Kammer of NIST. The meat started with Michael Nelson of the White House. He attempted to justify the GAK policies but did not appear to make any converts. He made (IMHO) denigrating remarks about trusting ~"code from the 'Net' with your secrets" but evaded questions about why anyone would trust keys given to other governments...

(Prevailing throughout the conference was a dichotomy. The official justification for the conference was "export use" but when questions arose the specter of the 4 Horsemen of the Net-Apocalypse came up again and again.)

Then the meeting broke up into working groups. Each group discussed some subset of the 10 rules then reported back to the whole. We actually did this three times. Intermixed with this were various presentations. (See the www site.)
At best, the working groups came back with no suggestions; at worst they returned in open revolt.

The end result was a parsec-wide gap between industry & NSA. Seemingly EVERY speaker the second day prefaced his/her remarks with some form of "Do not assume our presence here is an endorsement, because it is NOT.." The Merrill-Lynch VP representing the securities industry association saw nothing to take back to his members.

But it was Robert Holleyman, President of the Business Software Alliance, who drew the biggest standing ovation. (Read his paper on the WWW site.) His closing sentence seemed to say it all:

    Instead of paving the roads, the Administration has left in place roadblocks on the Information Highway.

Everyone who mentioned it felt the FIPS meeting planned for the 15th was premature at best.

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead........vr vr vr vr.................20915-1433