Promotion of cryptography
Ross Anderson
Ross.Anderson at cl.cam.ac.uk
Tue, 24 Aug 1999 20:18:19 +0100
Nigel:
> I have often said (as many who might have heard me in public will
> testify to) that commercial organisations should consider the use of
> strong encryption (at least 56 bits) for their commercial dealings.
I am not as concerned as some on the list about the DTI's promotion of
56 bit crypto. Once people have committed to fielding crypto, they
will learn about it and eventually they will upgrade. (Even if
everyone used 56 bits without escrow, then we would be back where we
were in the old days - with the king able to read anybody's mail but
not everybody's mail, which would be an improvement over Echelon.)
What I do object to is that the DTI has consistently given UK
companies completely wrong advice, namely that they should fashion
their internal computer security after the Bell-LaPadula model beloved
of GCHQ rather than the Clark-Wilson model which they already use [*].
Such `one-size-fits-all' advice has real costs. For example, much of
the confusion in healthcare informatics was caused by a similar error
in which the Department of Health tried to impose BLP on healthcare
information systems, with predictably disastrous results.
Ross
[*] BLP states that information can only flow up the classification
hierarchy, never down. Thus a civil servant cleared to `Secret' can
read files at `Secret' or below, but not `Top Secret', while a process
running at `Secret' can write at the same level or above, but never
down to `Unclassified'. The Clark-Wilson model, on the other hand,
provides a formal description of the double-entry bookkeeping systems
actually used by organisations outside the civil service, where the
prevention of fraud is more important than covering ministerial
arses. More at http://www.cl.cam.ac.uk/Teaching/1998/Security/
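
Added example, not part of the original message: a minimal Python sketch of the two models the footnote contrasts, showing that the BLP checks only constrain which way information flows, while a Clark-Wilson style ledger constrains how data may be changed. The names Level, Ledger, post and the sample users and accounts are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

# Bell-LaPadula: information may only flow up the hierarchy.
def blp_can_read(subject: Level, obj: Level) -> bool:
    return subject >= obj   # no read up

def blp_can_write(subject: Level, obj: Level) -> bool:
    return subject <= obj   # no write down

# Clark-Wilson: data changes only through a well-formed transaction,
# run by an authorised user, with separation of duty and an audit trail.
class Ledger:
    def __init__(self, preparers, approvers):
        self.preparers, self.approvers = set(preparers), set(approvers)
        self.entries = []   # (account, signed amount in pence)
        self.log = []       # append-only audit trail

    def balanced(self) -> bool:
        # Integrity check: total debits equal total credits.
        return sum(amount for _, amount in self.entries) == 0

    def post(self, preparer, approver, debit, credit, pence):
        # The only permitted way to change the ledger (double entry).
        if preparer not in self.preparers or approver not in self.approvers:
            raise PermissionError("user not authorised for this procedure")
        if preparer == approver:
            raise PermissionError("separation of duty: two people required")
        if pence <= 0 or debit == credit:
            raise ValueError("not a well-formed double-entry posting")
        self.entries += [(debit, pence), (credit, -pence)]
        self.log.append((preparer, approver, debit, credit, pence))

if __name__ == "__main__":
    # BLP lets a Secret process write up to Top Secret, which says nothing
    # about whether what it writes is correct.
    print(blp_can_write(Level.SECRET, Level.TOP_SECRET))   # True
    print(blp_can_write(Level.SECRET, Level.UNCLASSIFIED)) # False
    books = Ledger(preparers={"alice", "bob"}, approvers={"alice", "bob"})
    books.post("alice", "bob", "stock", "cash", 5000)
    print(books.balanced(), len(books.log))                # True 1
```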