Minutes of the June 18-19, 1997, Meeting of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure

June 18, 1997

A quorum being present, the fourth meeting of the Committee was called to order at 9:00 a.m. by the Chairman, Dr. Stephen Kent. In addition to the Chairman, members present were: Josh Benaloh, Tom Cahill, David Carman, Santosh Chokhani, Paul Clark, Dorothy Denning, John Edwards, Mark Etzel, Roger French, Richard Hite, Russ Housley, Ken Konechy, and Mike Matyas. Government liaisons in attendance were: Michael Gilmore, Barbara Kirsch, Jan Manning, Patricia Sefcik, Miles Smid, and Richard Sweeney. Also attending was Mark Bohannon of the Department of Commerce.

Ed Roback, Executive Secretary, welcomed everyone and reviewed the agenda for the two-day meeting, which would consist of a series of working group briefings, followed by detailed discussion and work planning. (See Reference #1.) He asked whether any of the members or federal liaisons had any announcements to make. There being none, the floor was turned over to the Chairman.

Dr. Kent began by discussing the need for working groups (WGs) to make more progress between meetings. At the last meeting, the Committee agreed that the WGs would get their work products out to the entire Committee at least a week before the meeting, so that they could be reviewed in detail. However, this schedule was not met by any of the WGs. The Chairman expressed his expectation that the Committee would do better in preparation for the August meeting.

Next, each of the WGs was asked to provide a briefing on its activities since the April meeting. Note that the WGs do not act independently of the Committee. They function solely to gather information or conduct research for the Committee, analyze relevant issues and facts, or draft position papers for consideration by the Committee.

Framework Briefing, WG#1, Mr. Roger French

Since the last meeting, WG#1 has had teleconference calls, exchanges of e-mail, and drafts of the model via fax. Mr. French described the need to outline the draft Federal Information Processing Standard (FIPS) and then start "filling in the pieces." The WG has been working on the "Announcement Section" of the standard (which was discussed following all the WG presentations). Mr. French then asked Dr. Matyas to discuss progress on the key recovery framework model. (See Reference #2.)

Dr. Matyas reviewed the overall structure of the model, and then specific details of the enablement and recovery components. The enablement components identified included: System A/System B (crypto-enabled); recovery information medium; and encryption data medium. The recovery components identified were: requestor and recovery agent. Discussion occurred regarding the generality of the model. Also in the outline presented were the proposed components of the key recovery infrastructure model. They were: product vendors, registration agent, authentic public key source, licensing agent, and key recovery system.

Before proceeding to the next WG briefing, the Chairman discussed the nature of the standard to be produced. He observed that many FIPS tend to be proscriptive in nature and pointed to their interoperability features. However, FIPS 140-1, which is based on performance specifications, was identified as an example of one standard that was completely different from the majority. Dr. Kent asked the federal liaisons what sort of standard they wanted in this area. There should be some degree of consensus on whether the focus is on interoperability or assurance of security. No immediate answer was forthcoming, although it was observed that a performance specification might be all that the Committee could produce given its December timeframe.

Mr. Mark Bohannon stated that every ten days he briefs senior Administration officials, including the Secretary of Commerce, on the status of this Committee's activities. Under Secretary Mary Good left the Department in early June (a vacancy still open), resulting in more interaction directly with Secretary Daley, who has personally been receiving calls from his Cabinet colleagues about the activities and status of this Committee. Scheduled briefings to the White House, OMB, Justice, and other interested agencies will be taking place in the next few weeks, with Dr. Kent representing the Committee. The Secretary continues to believe that this should be an industry-led effort, and he hopes to receive the Committee's recommendation by the end of the year.

Security Models Briefing, WG#2, Dr. Josh Benaloh

Dr. Josh Benaloh, representing the Security Models Working Group, presented a briefing on the activities of the group. (See Reference #3.) This covered the NSA security requirements; it should not be possible for unauthorized individuals to obtain keys and other data. The decision of who is authorized to obtain keys and other data should be made solely by the owner of the product. This generated some discussion. Further security requirements included key recovery agent requirements. Discussion ensued regarding the use of the term "owner" and how it refers to who has permission to determine how the information will be used. There is a need for more detailed guidance from the federal agencies as to what the overall federal requirements are.

Interoperability Briefing, WG#5, Mr. Paul Clark

Mr. Clark outlined the interoperability issues and addressed what information the requestor conveys to the registration agent. (See Reference #4.) He provided examples of interoperability between components of the key recovery model, including between the product vendor and the registration agent, the vendor and the crypto-enabled system, and between two enabled systems.

Discussion of Draft Announcement Section of the Federal Information Processing Standard (FIPS), Roger French

Since the last meeting, WG#1 has reviewed a draft of the "Announcement Section" of the draft FIPS that the Committee is endeavoring to produce. Note that this section is integral to the FIPS, and includes sections discussing, for example, the applicability of the standard. A draft was distributed for Committee review and comment. (See Reference #5.) The Committee reviewed this document in some detail. The Chairman volunteered to revise the draft for discussion at the August meeting. Among the many suggestions was one to add additional examples of how organizations such as SBA, SSN, HCFA have a need to protect sensitive data.

The meeting then recessed for the day.

June 19, 1997

Discussion of Draft FIPS Outline

The Committee reconvened and focused its attention on the outline of the main body of the standard. The initial outline was:

1. CKRS model
   o encryption process
   o recovery process
   o supporting emphasis
   (Above would draw upon Dr. Matyas' diagrams and should include some concrete examples.)

2. CKRS security
   o confidentiality
   o integrity
   o authenticity
   o authorization (access control)
   o non-repudiation
   o survivability
   o availability

3. Interoperability
   o System A-B
   o Requestor and Key Recovery Agent
   o Requestor and Registration Agent

4. Documentation
   o Description of Components and Interactions
   o Security Compliance
   o Interoperability Compliance

5. Assurance
   o Component Testing
   o System Testing
   o Lifecycle Testing
   o Audits (field)

Appendix
   o System examples

After further discussion, it was agreed that the existing WGs would be redirected to focus on addressing various sections of the outline, as follows:

Section   WG                                   Chair
1         #1 - Framework/Model/KRA/Non-KRA     French
2         #2 - Security                        TBD
3         #5 - Interoperability                TBD
4/5       #8 - Assurance                       Chokhani

Each WG is to have an expanded draft outline of its section to the Secretary by June 23, who will consolidate and distribute a complete outline to the entire group. Additionally, each WG is to complete draft text for its section by August 18th for submission to the Secretary.

The membership imbalance among the WGs was discussed. Members were asked to contact the appropriate WG chair to volunteer, and to notify the Secretariat so that the e-mail addresses could be updated accordingly.

Having no further business, Dr. Kent adjourned the meeting at noon on June 19, 1997.

References (on file with the Secretariat):

#1 - Agenda & Federal Register Announcement
#2 - Framework WG Recovery Models
#3 - Security Model WG
#4 - Interoperability WG
#5 - CDRS FIPS (DRAFT) Announcement Section