Kawika Daguio on NSA Release of Algos

24 June 1998
Date: Wed, 24 Jun 1998 105900 -0400
From: "Kawika Daguio" <Kdaguio@aba.com>
To: pgut001@cs.auckland.ac.nz
Cc:cryptography@c2.net
Subject: Re NSA Declassifies Algos -Reply

Releasing these algos was a smart and sound move on the NSA's part.

I have spent way too much time over the last 5 years trying to get
the NSA to be more open than they have been and to take more risks 
to support their protection mission.  They are doing a tremendous 
job compared to a few years ago and we have welcomed their actions 
which acknowledge that protection is becoming as important as 
exploitation.  This move gives me hope that this trend will continue 
if not accelerate.

The NSA has worked with the banking industry for over 20 years to 
guide the industry away from a number of potentially problematic 
infosecurity approaches thus helping vendors to meet the banking 
industry assurance requirements as well as guidance to help limit 
implementation problems.   Their most important contributions have 
come in the area of development of security standards in ANSI X9F 
committees.  While we have had disagreements in the past that led to 
the enactment of the Computer Security Act, and other fallout, there 
is a growing, but still limited trust between our two worlds. I 
would expect that those that examine the algorithms will find they 
have practical application and non-conspiracy theorists will find 
comfort in their provenance rather than a threat.

We have hoped that the NSA would be more active, visible, and open 
about the algorithms in their vaults and those the private sector 
develops. Unfortunately, however,  any public activity on their part 
usually brings immediate and overwhelming negative public relations 
consequences regardless of the nature of their initiative.  As a 
result even when the wish to help industry more they are reluctant 
to actually face the risks involved.  To my regret, because of the 
Clipper and KR debate related public relations damage, the Agency 
has been unwilling to contribute an algorithm to the AES beauty 
contest despite my requests that they do so in the interest of 
advancing national security.  

We rejected using SJ/KEA  and fortezza cards for a PKI almost 4 years 
ago when the government offered them to us even in a built in a way 
that would have separated us from the government KE/KR infrastructure.  
Among the original 5 public reviewers of these algorithms are a couple 
from our community, and we were also offered an opportunity to review 
the algorithms on an indepth basis.   

The banking industry wants more good choices and our sector believes 
that alot can be learned from an "allied" group that hammers on crypto 
on an unparalleled basis in a production oriented environment.  
Brilliant academics and entrepreneurial technologists have great 
potential and have contributed much, but nothing beats money, manpower, 
and experience.  Transferring some of the fruits of  this experience is 
a recommendation that I made while on a PCCIP (critical infrastructure) 
R&D committee appointment.

I hope that they share more of the fruits of their past efforts on terms 
negotiated with N and industry.   I believe that it is entirely 
appropriate that they have declassified these algorithms and they should 
continue along this line by being more visibly active in the AES 
evaluations now that the time for submissions has passed.  Also, given 
the expected adoption of the ECDSA by a number of critical infrastructure 
sectors, it is thus reasonable to expect that a significant level of 
resources be expended to insure that no surprises arise after it is made 
a standard, and implemented widely.

We have repeatedly argued that equivalent resources be allocated early 
in the standards process to the algorithms that industry is pursuing as 
if an actively hostile nation were using it.   We would expect that 
information be shared and guidance be forthcoming to ensure that a 
"known" problem in the secret world be shared with those operating or 
supplying technology solutions to critical infrastructure sectors.

Transferring these algorithms is a great start, but continued openness 
and advancement of mutual interests requires the NSA and the private 
sector to be open and take risks and extend some measure of trust beyond 
their own domains.  I hope it happens, if it does I am confident we will 
all benefit.

-----

The above represent my views and not to be considered the views of the 
american bankers association or the financial institutions we represent 
unless otherwise indicated.

kawika daguio