From: Steve Lipner <m05421(_at_)mwunix(_dot_)mitre(_dot_)org>
X-Mdf: shirey <Shirey, Robert W> re-routed to
"shirey(_at_)smiley(_dot_)mitre(_dot_)org"
There was a transcription error in the version of "motion 1" in the
CSSPAB position on DSS that was sent out over the Risks forum. The
attached reflects the correct version that was sent out as the Board
position on the subject. (The difference is that this version says
what ought to happen as a result of the policy review).
- ------- Forwarded Message
From: MCNULTY(_at_)ECF(_dot_)NCSL(_dot_)NIST(_dot_)GOV
Date: Fri, 27 Mar 1992 11:10:10 -0500 (EST)
Subject: CSSPAB Resolution #1.
To: csspab(_at_)mail-gw(_dot_)ncsl(_dot_)nist(_dot_)gov
To: Members of the CSSPAB
From: Lynn McNulty
Ed Zeiteler recently brought to my attention an inadvertent slipup,
which I have corrected in the text of the Board's first resolution.
[I did confirm this text from my handwritten notes at the meeting.]
The letters have not gone out yet, so the recipients will have the
full text.
The sentence "This national review should be concluded by June
1993." should read: "This national review should be concluded by
June 1993 and should result in a national policy concerning the use
of cryptography in unclassified/sensitive government and the
private sector." Corrected text for Resolution #1 follows:
-----------------------------------------------------------
COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD
RESOLUTION #1
March 18, 1992
The Board has examined the present status of the proposed Digital
Signature Standard (DSS) being undertaken by the National Institute
of Standards and Technology (NIST). In view of:
(1) the significant public policy issues raised during the review
of the proposed standard;
(2) the increasingly pervasive use of digital technologies;
(3) the potential impacts upon the security of the
unclassified/sensitive government community;
(4) the relationship of the DSS to the existing NIST cryptographic
security program; and
(5) the posture of the U.S. in international commerce.
THE BOARD FINDS THAT:
(1) a national level public review of the positive and negative
implications of the widespread use of public and private key
cryptography is required. This national level review must
involve the national security, law enforcement, government
unclassified/sensitive, and commercial communities.
Representatives from the private sector should include both
vendors and users. In the next several months, NIST/NSA
should sponsor a workshop on the widespread use of
cryptography. This national review should be concluded by
June 1993 and should result in a national policy concerning
the use of cryptography in unclassified/sensitive government
and the private sector.
(2) NIST has made significant progress in resolving the technical
issues related to the proposed DSS. The Board recommends that
NIST continue to seek resolution of the patent,
infrastructure, and other remaining issues raised during the
public comment process. The Board recognizes that much of the
work, and in particular the infrastructure, are algorithmic
independent and must be continued by NIST to assure timely
implementation of digital signature technology within the
government.
FOR: Colvin, Gallagher, Gangemi, Kuyers, Lipner, Philcox, Rand,
Walker, Wills, and Zeitler
AGAINST: None
ABSTAIN: None
Motion Unanimously Approved.
- ------- End of Forwarded Message
------- End of Forwarded Message