                    Minutes of the April 23-24, 1997,
                            Meeting of the
                       Technical Advisory Committee
          to Develop a Federal Information Processing Standard
             for the Federal Key Management Infrastructure

A quorum being present, the third meeting of the Committee was called to
order at 9:00 a.m. by Executive Secretary Ed Roback.  He welcomed everyone
and reviewed the agenda for the two day meeting (Reference #1)  and asked
whether any of the members or federal liaisons had any announcements to
make.  Mr. Sabo (SSA), briefly provided an overview of SSA's plans to gather
expert opinions on on-line availability of SSA information.  The WGs being
established by SSA have a deadline of June 30th to make their
recommendations.  Nineteen members were in attendance.

This meeting was primarily focused on hearing from the Working Groups as to
their activities since the last meeting, and in planning for future work.
The WGs are: #1 Framework, #2 Security Models, #3, Key Recovery Agents
(KRAs) , #4, non-KRA Elements, and #5, Interoperability.  During the two
days of discussion, it was agreed that WGs 3 and 4 would be combined.

Note that the WGs do not act independently of the Committee.  They function
solely to gather information or conduct research of the Committee, analyze
relevant issues and facts, or draft position papers for consideration by the
Committee.

Each WG provided an update of their activities; see references.

Mr. French of  WG #1 (Framework) asked the TAC about what sort of
deliverables the TAC expected to produce and what level of detail should be
planned for.  He also asked for opinions about how the various WG products
could be integrated.  Mr. French asked each member/liaison to provide him
with additional materials, URLs, and so forth that might be of use to the
Framework WG.  He presented a strawman statement of the deliverables and
FIPS outline.  He raised questions regarding level of detail, stored vs.
transmitted data, access to the key recovery agent(s), the breadth of the
FIPS, interoperability issues, and the export issue.  Dr. Matyas provided a
briefing of two overheads describing a key recovery model.  (See
references.)  This was the subject of significant discussion and
questioning, with suggestions made that this model be refined by the WG for
discussion at the next meeting.

Dr. Brickell of the WG#2 (Security Models) provided an overview of WG #2's
current thinking about security models, and identified issues, among others,
involving key recovery agents vs. data recovery agents, interoperability,
definitions, security, encryption algorithm independence, and owner access.
During the discussion, a question was raised regarding what would happen if
there is not consensus among the membership on a particular issue.  Dr. Kent
indicated that when the TAC arrives at a set of requirements that is clearly
defined, if there is not consensus on the issue, a vote may be necessary
among the members (with appropriate dissenting opinions).

Mr. Alexander provided a joint report for WG#3 (Key Recovery Agents) and
WG#4 (Non-KRA Elements). It was agreed, because of the very small size of
both of these WGs, that they would be combined.  (The Secretariat will
create a new collective e-mail address.)  Mr. Alexander began by stressing
that by implementing key recovery, a flaw is being built into the system.
He reviewed issues involving, among others,  definitions, structure, KRA
certification, session vs. master keys, product elements, basic assumptions,
and product/system issues.  Dr. Kent indicated the need for the WG to see
each component in the model be well characterized and then a more detailed
requirement developed for the TAC to review.

Mr. Paul Clark provided a briefing of WG #5 (Interoperability).  (See
reference.)  He reviewed various modes for key recovery, including
decryption and session key recovery.  He said that requirements for
real-time recovery of encrypted communications have not been adequately
defined.  He discussed including the originator as a recipient in
communications in order to assure recoverability.

Mr. Kenneth Thibodeau, Director, Center for Electronic Records, National
Archives and Records Administration (NARA) provided the TAC with a brief
overview of NARA's activities in the area of electronic recordkeeping.
This was in response to requests from TAC members to better understand the
government's requirements for retention of records, particularly with regard
to the expected duration of the storage.   NARA, which is just beginning to
address electronic records, takes a very long-term view of storage, using
100 years as a minimum requirement.   With respect to encryption, it appears
that NARA would prefer that agencies provide their materials to NARA in
plaintext, using archiving plans for the Defense Messaging System as an
example.  (See reference.)

During discussion which followed, the Chairman stressed that, while he was
generally pleased with WG activities, if the WGs only work on the days
before the TAC meeting, the TAC will not be able to complete its taskings.
E-mail exchange is a viable way to do this, as are conference calls.  He
also stressed the need for WGs to produce strawman text (beyond overhead
briefings) for comment by TAC members.  It was suggested that two weeks
before the next (i.e., by June 4), the WGs have materials ready for
distribution to the TAC as a whole for review prior to the TAC meeting.

No members of the public requested time to address the TAC.

All presenters were asked to provide electronic copies of their reports to
the secretariat for posting on the TAC's web page.  Additionally, any
materials (e.g., presentation materials, etc. intended for distribution at
the June meetings should be provided to the Secretariat at least ten days
before the meeting (June 18-19) for copying.

The Secretary discussed plans for TAC meetings in 1998.  He intends to
distribute a request to TAC members for dates on which they are already
busy.  After collecting this, he will propose meeting dates.  It is
envisioned that the TAC will continue to meet six times per year for two-day
meetings.  In planning for future meetings, the WGs expressed a preference
for WG meetings the day before each TAC meeting.

Having no further business, Dr. Kent adjourned the meeting at 2:30 p.m.

References (on file with the Secretariat):

#1 - Agenda
#2 - WG #1 (Framework)
#3 - WG #2 (Security Models)
#4 - WG#3/WG#4 KRA and Non-KRA Elements (Alexander)
#5 - WG#3/WG#4 KRA and Non-KRA Elements (Matyas)
#6 - WG#5 (Interoperaibilty)
#7 - NARA materials
----------------