             Draft Software Key Escrow Encryption Export Criteria
                                (11/95 version)

Export control jurisdiction for a software key escrow encryption
product that meets the following criteria, as determined by the
U.S. Department of State after a one-time review, will be
transferred to the U.S. Department of Commerce for export
licensing.  These criteria do not alter existing licensing
practices applicable to other encryption products or modes.
Vendors must still submit other encryption to the U.S. Department
of State for review and export licensing, or jurisdiction
transfer as appropriate.  Vendors contemplating the development
of encryption products are encouraged to discuss their export
objectives with the U.S. Government.

Key Escrow Feature

1.    The key(s) required to decrypt the product's key escrow
      cryptographic functions' ciphertext shall be accessible
      through a key escrow feature.

2.    The product's key escrow cryptographic functions shall be
      inoperable until the key(s) is escrowed in accordance with
      #3.

3.    The product's key escrow cryptographic functions' key(s)
      shall be escrowed with escrow agent(s) certified by the U.S.
      Government, or certified by foreign governments with which
      the U.S. Government has formal agreements consistent with
      U.S. law enforcement and national security requirements.

4.    The product's key escrow cryptographic functions' ciphertext
      shall contain, in an accessible format and with a reasonable
      frequency, the identity of the key escrow agent(s) and
      information sufficient for the escrow agent(s) to identify
      the key(s) required to decrypt the ciphertext.

5.    The product's key escrow feature shall allow access to the
      key(s) needed to decrypt the product's ciphertext regardless
      of whether the product generated or received the ciphertext.

6.    The product's key escrow feature shall allow for the
      recovery of multiple decryption keys during the period of
      authorized access without requiring repeated presentations
      of the access authorization to the key escrow agent(s).

Key Length Feature

7.    The product's key escrow cryptographic functions shall use
      an unclassified encryption algorithm with a key length not
      to exceed sixty-four (64) bits.

8.    The product's key escrow cryptographic functions shall not
      provide the feature of multiple encryption (e.g., triple-
      DES).

Interoperability Feature

9.    The product's key escrow cryptographic functions shall
      interoperate only with key escrow cryptographic functions in
      products that meet these criteria, and shall not
      interoperate with the cryptographic functions of a product
      whose key escrow encryption function has been altered,
      bypassed, disabled, or otherwise rendered inoperative.

Design, Implementation, and Operational Assurance

10.   The product shall be resistant to anything that could
      disable or circumvent the attributes described in #1 through
      #9.

11/6/95