[1247] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (Vin McLellan)
Fri Jul 25 12:26:20 1997
Date: Fri, 25 Jul 1997 12:07:40 -0500
To: cryptography@c2.net
From: Vin McLellan <vin@shore.net>
Rich Salz <rsalz@opengroup.org> queried the List:
>I'm seeing signs that DoD interest in Fortezza is waning. One software
>vendor no longer gets asked for it at sales meetings with the feds; a
>two-year Fortezza contract (like the NSA did with Netscape) was
>killed.
>
>Anyone else?
I see the same, but I wouldn't count Fortezza dead with a stake
through its heart quite yet.
The sponsors of the Defense Messaging System, which seems to be the
reference implementation of Fortezza, announced a month back that its
evolution to Fortezza has been stalled, delayed; not terminated or
transformed. X3 within NSA is still committed to Fortezza -- or at least
to seeing that its huge investment in Fortezza (and a warehouse full of
Fortezza PCMCIA cards) not go to waste.
DISA and NSA have reportedly decided to declassify Skipjack and
make a Fortezza implementation in software (without strong
authentication?!) available for those agencies with immediate infosec
needs, and NSA's Network Security group has been, for the first time,
telling other DoD and Intel organizations that they can (as an interim
holding action) invest in COTS infosec technology to meet pressing and
pending needs.
NSA explains all this by saying that the industry never produced a
trusted (B3+) workstation of the sort they need to manage Fortezza PKI
and/or MISSI multi-level (secret and non-classified) networks. As a
result, DOD seems to be overtly retreating from grandiose plans for MISSI
and refocusing on system-high (everyone cleared for the highest level info
on the net) architectures. DoD has also reportedly cut its development
funding for Guards, the label-sensitive firewalls needed for multi-level
environments.
Fortezza was originally the core of NSA's strategic attack on
RSADSI, offering DSA, DH, Skipjack and key-escrow as a government sponsored
alternative to the RSA-based PKI. RSA outmaneuvered them in the commercial
market, (even after the government offered to cut key-escrow,) so
completely that federal agencies began to rebel. The EPA and the Dept. of
Agriculture were the first to go through the complex process of opting out
of the NIST FIPS which dictated that feds were to use DHS and DSA (and the
odd "voluntary" FIPS -- because mandatory FIPS require open discussion of
the tech -- which pushed the Fortezza combo). Fortezza now defines an arena
of PKI which, by its choice of non-RSA algorithms, is cryptographically
isolated from the 95 percent of the commercial PKI arena which has
standardized on RSA technology.
Until fairly recently, IMHO, NSA was so fixated on GAKing the
confidentiality inherent in PKI that they failed to realize that commercial
operations (including maybe 60-70 percent of DoD, and 95 percent of the
federal government) are far more eagerly awaiting the administrative
efficiencies they see in other aspects of the digital signature
(authentication, non-repudiation.) The spooks worry about whispered
secrets; the quartermaster (and the rest of the federal government) are
excited about PKI-based EDI, contracts, orders, other administrative
mainstays online. And to gain the commercial and administrative benefits
of PKI, the government agencies need to be able to interact, authenticate,
and validate messages from outside the NSA's Fortezza ghetto, where the
rest of the world has standardized on RSA-based PKI. When Sandia or the
Forestry Service needs toilet paper or paper clips, they want to be able
to send an authenticated PO to someone besides Ft. Meade.
The whole point of a hierarchical national PKI is open and random
interoperability. If point to point interaction is the goal, better to
just pass out PGP and let everyone set up their own secure enclaves with
independent key servers, and ignore the possibilities and problems of X509
certs.
The NSA finally pulled back on Fortezza when they saw incipient
rebellion in their own core DoD constituencies. The birth of the NSA's
X-organizations, which are focused on tracking and working much more
closely with the commercial infosec vendors, came out of that realization
-- as well as an acknowledgement that the government-wide reform of IT
procurement launched by Sec. of Defense Cohen (when he was in the Senate)
could not be kept at bay. Grand Designs like Fortezza, predicated on
future development, have a bad odor in federal CIO circles today. In all,
DoD's last attempt to dominate and rein in the IT industry it created 40-50
years ago has been an utter failure. New efforts (i.e. the NSA's new
Network Security Framework Forum) are much more collaborative and
COTS-oriented.
Still, Fortezza soaked up a lot of money and ego. It is currently
a major embarrassment, but there are powerful players eager to salvage it,
if at all possible. It will never be the national PKI the spooks dreamed
of -- but it may survive if Skipjack is declassified and the RSA-based
"outside world" can interact with it. Odd, to see the US government
locked into the weaker (80-bit Skipjack) crypto, while world commerce locks
on 128-bit symmetric security. Gives one pause. Agendas come in layers in
US crypto politics, like the layers of an onion. All us paranoids ask:
What's the next layer down?
Surete,
_Vin
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --