Does business really have anything to learn from government? I pondered this notion, listening to Margaret Salter, one of the top encryption policy experts at the National Security Agency, on IE Radio this week.
This normally secretive agency within the Department of Defense is flirting with more openness and a higher public profile. More than once I heard, "We don't generally do a lot of things like this" from NSA personnel while trying to arrange a time for Salter to appear on IE Radio. Salter is technical director of the vulnerability analysis and operations group within the NSA's Information Assurance Directorate.

But since she also spoke at the RSA Conference in San Francisco a few months ago, it's clear that agency personnel are getting out more, and that's good news because they have an interesting story to tell. And while they are not overly generous with details, for obvious national security reasons, what they do choose to share may help government and industry learn from each other, as Salter stated this week.

For instance, take the NSA's insistence on two types of encryption on any communication, an article of faith in Agency orthodoxy. Salter oversees a series of crypto-interoperability trials: one uses Transport Layer Security (TLS) on both the client and browser, along with digital certificates; another uses a WPA2 client with Extensible Authentication Protocol-TLS (EAP-TLS), passing X.509 certificates, with client devices running IPsec.

The link for this article located at Internet Evolution is no longer available.