Minutes of the June 17-19, 1998 Meeting of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure. A quorum being present, the tenth meeting of the Committee was called to order at 9:15 a.m. by the Chairman, Dr. Stephen Kent, at Radisson Hotel, Minneapolis, Minnesota on June 17, 1998. As with all other TAC meetings, all sessions were open to the public. In addition to the Chairman, members present were: Joe Alexander, Josh Benaloh, Tom Cahill, Dave Carman, Santosh Chokhani, Paul Clark, Jack Edwards, Mark Etzel, Bill Franklin, Roger French, Daniel Harkins, Russ Housley, Paul Lambert, Mike Matyas, Joe Pato, and Don Rothwell. Government liaisons in attendance were Elaine Barker, Tony DiClemente, Diane Dunshee, Julie Lever, Art Purcell, John Sabo, Miles Smid, and Dick Sweeney. Also attending was Mark Bohannon, Chief Counsel for the Technology Administration, of the Department of Commerce. Dr. Kent opened the meeting by stating that he planned for the Committee to review as much of the draft document (and accompanying cover letter) as possible over the course of the three-day meeting. [Note that both (a) the pre-meeting draft assembled standard and (b) the draft as a result of the Committee’s meeting are referenced and available on the Committee’s web site. The same is true for the accompanying cover letter.] Ed Roback welcomed Mr. Purcell of the Patent and Trademark Office as a new federal liaison to the Committee. Mr. Roback also passed along the regrets of Richard Guida, Chairman of the Federal PKI Steering Committee and GITS Champion for Security, who was unable to attend the meeting due to illness. Mr. Bohannon provided the TAC with an overview of the Department’s anticipated plans for using the technical work product of the Committee. 
He began by reviewing the Committee’s role from both its charter and as stated by Under Secretary Good at the December 1996 meeting, namely that the Department is looking for technical recommendations on encryption key recovery. Noting that this is the final Committee meeting prior to the expiration of the charter, Mr. Bohannon said that after receiving the Committee’s technical recommendations, the Department plans to publish these for public comment. In parallel, the government will seek to address any related policy-type questions (e.g., applicability) and NIST will plan for developing implementation guidance. After public input is obtained on the Committee’s technical input and the policy-type issues have been addressed, NIST will release a draft FIPS for public comment. Public workshops were one vehicle offered as a means to address the public comments. After that, the formal FIPS establishment process would follow. The Committee then briefly discussed procedural issues and agreed (a majority of members present voting in favor) to resolve differences and approve the final work product. Therefore, throughout the meeting, when consensus could not be reached after discussion, a show of hands was used to resolve the issue at hand. After discussing and agreeing to change the title of the document to “Requirements for Key Recovery Products,” discussion then proceeded on the Announcement section of the document. TAC members felt that some sections of the document were more policy-oriented, and thus should not be part of the Committee’s output. With this in mind, the Committee decided to replace the existing text in the export control, applicability, and selected other announcement sections with text indicating that the text will be supplied by the government. As the TAC’s editing of the document progressed, a few major decisions were taken. The TAC decided to adopt the first of five options regarding the functions of products to be submitted for conformance testing. 
This was later amended, to finally read: A product submitted for evaluation under this Standard must embody one or more of the KRS functions defined in this Standard. There is no requirement that a product offered for evaluation embody all of the defined functions; a compliant product may not constitute a complete KRS. There is no requirement that a single product or a suite of products from a single vendor embody all of the functions needed to provide a complete KRS. Thus, the Standard permits the modular implementation of a KRS, based on the assembly of components from one or more sources. Since an organization employing key recovery will require a complete KRS, additional guidance should be provided via other documents to assist in evaluating the security of a system assembled from components (from one or more vendors) that have been evaluated against this standard. The TAC also agreed to remove the KRI Acquisition function from the draft document. Members argued that no product that merely received KRI should be eligible for a conformance certificate. The TAC proceeded, over the course of the three-day meeting, to review and revise the document, including the key recovery model. The Committee was only able to edit the document through Requirement 109 (as numbered in the pre-revision draft). The TAC also reviewed the draft letter to the Secretary. The initial draft was almost immediately replaced with a working draft proposed by a number of members, which became the basis for the letter as adopted (see references). The final letter recognizes the need for additional work on the draft standard, offers the TAC’s services, and recommends that the Secretary not seek public comment on the draft as currently written. On Friday afternoon, Mr. Roback presented Dr. Kent a certificate of appreciation from the Secretary of Commerce recognizing Dr. Kent’s efforts in chairing the Committee. 
Additionally, members of the Committee will also receive a similar certificate from the Department recognizing their efforts. Before adjourning, the Committee unanimously approved sending the cover letter, as revised, and attachment (draft standard) to the Secretary. The meeting was adjourned at 3:15 p.m. on Friday, June 19, 1998.

References:
1. Draft assembled standard (as distributed)
2. Draft assembled standard (as revised)
3. Draft cover letter (as distributed)
4. Draft cover letter (as approved)
5. Mark Bohannon’s presentation
6. Agenda
7. Federal Register Meeting announcement