19 April 1997
Thanks to Paul Robichaux
Date: Fri, 18 Apr 1997 10:18:06 -0500
From: Paul Robichaux <firstname.lastname@example.org>
Subject: Re: Escrow agencies closed?
>On Thu, 17 Apr 1997, Rick Smith wrote:
>> Someone just told me that the Clipper/Capstone/Fortezza escrow
>> organizations were shut down at the Treasury and Commerce, and that they're
>> currently stripping the LEAF support out of the Fortezza cards. Evidently
>> this happened a couple of months ago.
>> Has anyone seen an announcement anywhere?
LEAF support is being removed; it was announced on 3/14, but surprisingly didn't get much play here or anywhere else. The press release is at http://www.dtic.dla.mil/defenselink/news/Mar97/b031497_bt120-97.html
[OASD banner omitted]
March 14, 1997
Deputy Secretary of Defense John P. White has approved changes in the Department of Defense's encryption policy for computer products.
This decision aligns the FORTEZZA card, a low cost cryptographic token for digital signature and encryption services at the desktop, and its associated public key infrastructure with the Clinton Administration's October 1996 policy promoting "key recovery."
As outlined in the Administration policy, key recovery relies on trusted parties to verify digital signatures and also hold spare keys to confidential data. Those keys could be obtained only by persons or entities that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority. It is analogous to asking one's neighbors to safeguard house keys. This policy adopts a market- driven approach to promoting global key recovery with industry.
Originally the FORTEZZA crypto card implemented the "key escrow" mechanism outlined in Federal Information Processing Standard (FIPS)-185. Key escrow called for government agencies, rather than private parties, to hold the key data.
The National Security Agency, the developer of the FORTEZZA card, will no longer implement the FIPS and will implement the transition to key recovery with the upcoming large volume deliveries of cards for the Defense Message System. Such deliveries are expected in April.
Pending availability of commercial products which support the global key recovery infrastructure sought by the Administration's new policy, the existing FORTEZZA infrastructure will provide an interim capability for addressing key recovery. Concurrently, the Administration is continuing to work in cooperation with industry and foreign governments on the development and deployment of a global key recovery standard.
Note: For comprehensive information on the FORTEZZA cryptographic system -- its history and purpose, documentation and standards, military and governmental users, testing and trouble-shooting, and product manufacturers -- see the National Security Agency's FORTEZZA site at: http://www.armadillo.huntsville.al.us/.