[1249] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (Rick Smith)
Fri Jul 25 16:54:10 1997
In-Reply-To: <v03007801affe8dc74f17@[198.115.179.81]>
Date: Fri, 25 Jul 1997 15:48:10 -0600
To: Vin McLellan <vin@shore.net>, cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>
At 12:07 PM -0500 7/25/97, Vin McLellan wrote:
> I see the same, but I wouldn't count Fortezza dead with a stake
>through its heart quite yet. ...
Terrific overview of the situation. Here are some comments from someone
else who has crawled around in those trenches...
> NSA explains all this by saying that the industry never produced a
>trusted (B3+) workstation of the sort they need to manage Fortezza PKI
>and/or MISSI multi-level (secret and non-classified) networks.
So it's all the vendors' fault for not wanting to build products that
nobody wants to buy. MLS is dead. Ever since viruses appeared, MLS and
"read down" have been a liability, not an asset. Even so-called MLS guards
don't really use MLS. At most they might use MLS to implement separation
kernels, so they can treat low to high transfers with the same suspicion as
high to low transfers. The only difference is in what they look for:
viruses in one direction and release authorization in the other.
> DOD seems to be overtly retreating from grandiose plans for MISSI
>and refocusing on system-high (everyone cleared for the highest level info
>on the net) architectures.
A few key people declare that the True Objective is still MLS, but the
realistic near term goals are all system high. MLS was poisoned by the
advent of PCs and LANs that any department could buy out of a catalog and
install within their classified perimeter. Now a practical trusted OS must
fit cleanly between existing (and often outdated) hardware and existing
applications, and it mustn't impact performance at all. It's like the
marketing guy in Dilbert who demands a 45" video screen that fits in his
back pocket.
> Until fairly recently, IMHO, NSA was so fixated on GAKing the
>confidentiality inherent in PKI that they failed to realize that commercial
>operations (including maybe 60-70 percent of DoD, and 95 percent of the
>federal government) are far more eagerly awaiting the administrative
>efficiencies they see in other aspects of the digital signature
>(authentication, non-repudiation.)
Perhaps they would have done better by promoting 40 bit confidentiality
keys with 128 bit integrity keys. Independent of its political
implications, I hate key escrow just because it takes a complicated new
technology and makes it even more so. This is not a winning strategy for
technology introduction.
Lots of memos and other papers cross Milnet in plaintext e-mail already. 40
bit confidentiality doesn't do much other than scare away cheap or lazy
spooks, but it probably would have been enough for that traffic. Long
integrity keys would address the real worry, which is the delivery of all
those $600 toilet seats and associated toilet paper to the wrong address,
and charging it all to the wrong department.
It's also interesting to note that the principal use of Fortezza in guard
environments is to authenticate messages intended for reclassification. The
messages are rarely encrypted.
> The whole point of a hierarchical national PKI is open and random
>interoperability.
It's fascinating that they got it right on the STU III and got it so wrong
with Fortezza. This is one of the few public examples of NSA not learning
from its own experience. Of course, each STU costs several thousand, and
Fortezza is mandated to cost "less than $100." Also, the NSA spends about
$42/phone/year just to administer STU crypto. I doubt there's a rush to pay
such costs on a per-workstation basis, either by NSA or by its customers.
> New efforts (i.e. the NSA's new
>Network Security Framework Forum) are much more collaborative and
>COTS-oriented.
The real test will be to see if the forum can actually affect things. It's
not clear that NSA can afford to invest in the analysis and synthesis
necessary to really benefit from what's happening in the NSFF. I fear that
the NSFF will end its life with another bland Government sponsored
technology survey that everybody puts on the shelf and nobody reads.
Rick.
smith@securecomputing.com Secure Computing Corporation
"Internet Cryptography" in bookstores soon http://www.visi.com/crypto/