Digital Signature Standard. Unless you're a security nut or a
truly committed lover of applied mathematics, the subject can be a real yawn. And until
recent months, the arcane arguments over competing DSS's seemed remote to the average
But the DSS is important. The no-end-in-sight debate it engenders has meaning for the
entire government. And it shows how seemingly small issues are getting ground up in the
headlong rush to "downsize" government without careful thinking about how
missions--the roster of which has decidedly 'MDUL'not'MDNM' been downsized--are going
to get done.
Discouraging best describes the game of hot potato being played by the General Services
Administration and the National Institute of Standards and Technology over which agency
will establish the federal DSS standard and write rules on how to implement it. NIST
originally was going to launch a series of DSS pilot projects, until NIST's future became
NIST handed off the project to the the Security Infrastructure Program Management
Office at GSA. Now that office has handed it back because the SI-PMO's own future funding
Lack of ownership is worsened because the technical questions still are open. NIST and
GSA have drifted from pushing the government's own DSS standard. Now they're willing,
apparently, to back an "algorithm-independent" DSS compatible with a
commercially popular security product.
In short, there's a DSS standoff and no clear leadership in sight with the authority to
settle this matter. A beleaguered agency manager can find little to rely on. And without a
reliable DSS, there can be no widespread adoption of the many forms of electronic
commerce. What a way to run a railroad.
The fault, of course, lies not with GSA or NIST, but with the political sector that
pushes initiatives like EC and network security yet whittles away at the agencies that
could get them done.
The costs of keeping the SI-PMO or the pertinent parts of NIST alive are trivial
compared to the purported efficiencies of electronic commerce. But trimming agencies here
and there gives leadership of both parties the chance to bask in the illusion that they're
actually accomplishing something, while they dance--month after month, year after
year--around the really hard decisions like Medicare.
Well, small as it may be, the time is now for a decision on digital signature
standards. If lawmakers want to kill GSA and NIST, that's their prerogative. But they
shouldn't expect the efficiencies of governmentwide standards when there's no one to
create and enforce them.