[108111] in Cypherpunks
Fwd: RSA now acceptable to da Fedz
daemon@ATHENA.MIT.EDU (mib)
Thu Feb 4 23:26:02 1999
Date: Thu, 04 Feb 1999 23:05:39 -0500
From: mib <mib@io.com>
To: cypherpunks@cyberpass.net
Reply-To: mib <mib@io.com>
-------- Original Message --------
Subject: RSA now acceptable to da Fedz
Date: Thu, 04 Feb 1999 22:37:44 -0500
From: R <gnu@toad.net>
<PARANOID>
<CONSPIRACY THEORY>
The NSA can break RSA. :-/
</CONSPIRACY THEORY>
</PARANOID>
Feds broaden crypto standards
By Tim Clark
February 3, 1999, 5:15 p.m. PT
http://www.news.com/News/Item/0%2C4%2C31927%2C00.html?sas.mail
The government is updating its technical standard for digital
signatures, and it's adding an RSA Data Security algorithm to acceptable
forms of encryption. But most commercial digital signature products used
in private industry still won't meet the government standard.

Still, RSA welcomes this narrowing of the standards split for digital
signatures, which are a key element in electronic commerce.

"It's good to see after all these years the closer cooperation between
industry and the Commerce Department," said Bert Kalisky, chief
scientist at RSA Labs. The National Institute of Standards and
Technology (NIST), the agency that controls what kinds of digital
signature software federal agencies can buy, is part of the Commerce
Department.

"We are broadening that standard to say that government agencies can
buy products that have either the DSA algorithm or RSA algorithms," said
Miles Smid, acting chief of NIST's computer security division. DSA
stands for Digital Signature Algorithm, a government-created encryption
cipher that has been the only one acceptable in government until now.
RSA-based products have required special permission in the past.

As the name implies, digital signatures are a way of electronically
signing a message or document so it carries legal weight, just as a
signature does in the physical world.

But there's a catch: NIST has approved products that use RSA
algorithms as long as they conform to a new standard called ANSI x9.31,
which is only months old. But, most RSA-based digital signature products
available today don't comply with that standard and hence can't be sold
to federal agencies without special permission, according to Kalisky.

"Personally, I wish the current products and the standards would be
the same, but they aren't," said NIST's Smid. "We're getting there, but
there is an existing set of legacy products that don't meet this
standard."

The new NIST rule is in effect now, but comments are being accepted
through March 15, so it could be altered. "We received a lot of comments
favorable to incorporating RSA," Smid said.

He may get more from parties that want to be able to sell existing
digital signature software to the government.

"We generally do submit comments, and I suspect we will in this case,"
said RSA's Kalisky. RSA is a unit of Security Dynamics
-------------------------------------------------------