Background Paper
Changes to the Criteria Based on Earlier Public Input
The government presented draft criteria (9/95 version) for the
export of software-based key escrow encryption at an open meeting
at NIST on September 6-7, 1995. Meeting participants suggested
several changes to the criteria; the government re-drafted the
criteria as described below. Industry's ideas and words were
included when possible and given serious consideration consistent
with the protection of fundamental interests (e.g., privacy and
national security).
General changes to the document: The document was re-structured
to make it clearer. After the introductory text, related
criteria are grouped into the following categories:
- key escrow feature
- key length feature
- interoperability feature
- assurances
Changes to the introductory text: The wording has been clarified,
and additional words have been included to encourage vendors that
are considering building non-escrowed encryption products to
discuss their export objectives with the government.
Changes to the criteria: The criteria presented at the September
6-7 meeting have been modified in the following ways:
- Old Criterion 1.
- Moved to #7; wording clarified.
- Old Criterion 2.
- Moved to #8; wording clarified.
- Old Criterion 3.
- Split into #1 and #2 since the original
criterion had two major points in it (the
requirements for key escrow, and the
requirement on when the keys are first
escrowed); wording clarified.
- Old Criterion 4.
- Wording clarified; the notion of
accessibility to authorized entities was
modified to explicitly state that the
required information must be available with a
reasonable frequency.
- Old Criterion 5.
- Moved to #10; wording clarified, and the
example was deleted so that implementors were
not misled to believe that the example given
was the only way of satisfying that
requirement.
- Old Criterion 6.
- Moved to #9; wording clarified, and
applicability of this requirement was scoped
to address interoperability between a
product's key escrow mode and a non-key
escrow product.
- Old Criterion 7.
- Moved to #5; wording clarified.
- Old Criterion 8.
- Moved to #6; wording clarified because the
term "repeated involvement" was perceived as
being too broad.
- Old Criterion 9.
- Deleted.
- Old Criterion 10.
- Moved to #3; wording clarified, and
requirement modified to not preclude the
escrow of key by agents in addition to those
required by these criteria.
Note: The September (and November) version of the criteria is
available electronically at:
http://csrc.nist.rip/keyrecovery/
11/6/95