[EAS] Next Generation

Phil Johnson p_johnson58 at msn.com
Sat Nov 15 00:56:56 CST 2014 

Well, not "Amen" for everyone..

I concur with the movement toward alternative distribution, especially via
satellite.  Authentication solutions (rejection of unauthorized ground
transmissions) are routine in the 21st century.  This method would eliminate
a lot of complexity, expense, and delay.

In the meantime... I know that Richard Rudman is an expert on public
warning.  However -- and with respect -- he's not an expert on
communications security.  For the record, I'm not an expert in either field.
But I do have enough experience with both to know what I don't know.

Mr. Rudman's asserts that "authentication is a different issue than
security."  No.  Anyone who has served in a military communications role,
including the handling of unencrypted messages, knows that authentication is
a VITAL COMPONENT of communications security.  

Mr. McCarthy comments that " the mission isn't to create an overtly secure
message cypher..... and that that 4 ASCII bytes is plenty...".  Maybe or
maybe not.  We don't know how secure an encryption scheme should be for our
purposes or how complex an authenticator would be needed.  This isn't 1962,
with the red envelope sitting on the shelf above the wire-service Teletype.
Maybe a virtual red envelope would be good, but electronic transmission of
authenticators carries its own complications.  

These issues are nearly always more complex and subtle then they first
appear, and I would argue that --  sorry -- no one in this group is
qualified to resolve them.

I sympathize with the aversion to involving another federal agency and the
inherent delay, and I know NSA has been publicly beaten up lately.  But
let's get real.  Although there are lots of smart people in this forum, none
of us has the expertise and experience in COMSEC to implement the quality of
solution that NSA could bring to the table.    

I hope those with national horsepower (especially Mr. Rudman) won't reject
what could be a good solution just because they don't like where it would
come from.  I'd prefer a reliable, high-quality system over a quick solution
that takes a long time to fix after it's implemented.

Phil Johnson

= = = =
   

Amen, Mike and everybody.

Authentication is a different issue than security. No need here to involve
NSA for authentication.

The Virtual Red Envelope is an idea that could help assure message
authentication.

Richard Rudman

On Nov 14, 2014, at 8:04 PM, Mike McCarthy wrote:

> Adding another alphabet soup agency will only further complicate and 
> delay and meaningful efforts by stakeholders.

More information about the EAS mailing list