[1317] in cryptography@c2.net mail archive
Fortezza 2.0 Cancellation
daemon@ATHENA.MIT.EDU (Phil Karn)
Fri Aug 8 20:16:46 1997
Date: Thu, 7 Aug 1997 21:27:20 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: cryptography@c2.net
------- Start of forwarded message -------
>From: "Fritsch, Kenneth M." <kmfrits@missi.ncsc.mil>
[lengthy recipient list deleted]
>Subject: Fortezza 2.0 Cancellation
>Date: Thu, 07 Aug 97 09:43:00 EDT
>Encoding: 73 TEXT
>
>
> Thank you for your interest in the Fortezza 2.0 architecture! However,
>at this time the Fortezza 2.0 Architecture development effort has been
>cancelled by the National Security Agency, X2. Many factors contributed to
>the cancellation of the effort. I wanted to explain the situation to our
>industry partners for you to gain better insight of our current direction
>and provide you the reasoning for this change in direction. The viability of
>the architecture was not in question, only the Government's resources and
>direction were issues. The predominant deciding factors were:
>
>1. Our new corporate direction for network security, the commercialization
>strategy, was inconsistent with the direction taken in the Fortezza 2.0
>architecture work. We will now try to drive compatibility at the CAPI
>(Cryptographic Application Programmer's Interface) instead of the lower
>levels, namely the libraries, drivers, and card interfaces. We desire
>complete solutions where the developer of network products will select and
>maintain those interfaces independent of the CAPI level. The Fortezza 2.0
>architecture work was in the process of defining these lower levels.
>
>2. NSA can no longer afford to pay for the developments to drive the
>marketplace. We do not have a large enough market to substantially drive the
>commercial market. Also, with that in mind, we do not have the manpower or
>budget to see the Fortezza 2.0 architecture through to completion in the
>commercial market. Therefore, our resources have been redirected to other
>activities.
>
>3. With the use of commercial crypto for classified systems using a layered
>security approach, much of the applicability for the Fortezza 2.0
>architecture for the Type 1 market niche has been eliminated. We can not
>sufficiently address changes in the commercial market and our specific
>classified system needs are being addressed in these other non-traditional
>ways.
>
>4. Industry has already independently started to adopt pieces and principles
>of the Fortezza 2.0 architecture in the multi-application Fortezza cards and
>more specifically in the PC/SC (Personal Computer/Smart Card) standards.
>This seems to be the direction technology is taking - without our lead.
>
>The National Security Agency will now focus our efforts on interoperability,
>key management infrastructure support, and high level testing - to name a
>few related areas that will be stressed. The Fortezza 2.0 architecture team,
>however, performed valuable work which is still viable in today's commercial
>marketplace. I can provide the architecture documents to allow synergy to
>occur in the private sector with our industry partners. There were many good
>ideas in the architecture that we wanted to share with any interested party
>to help advance technology. The architecture had many desirable features to
>include:
>
> - Multiple non-cooperating applications
> - Multiple Users
> - Multiple Tokens (includes PCMCIA, Smartcard, Software)
> - Extensible functionality (Ability to add new algorithms, new key
>   management)
> - Fixed structured signalling
> - Improved performance over existing Fortezza architecture
> - Improved software architecture to allow independence of software
>   modules for easier upgrades.
> - Interoperability at the CAPI/CSP level.
>
> The output of the Fortezza 2.0 architecture is contained primarily in two
>documents, The ICD and the connection manager ICD. I will assume that you
>have received the output of the FACT team previously (Communications
>architecture, and software architecture). The ICD is about 85% complete and
>contains all of the information of the architecture details and the
>connection manager contains information that allows for sharing of resources
>for multiple applications/users/tokens. If you have any additional
>questions, please ask and I will do my best to provide answers. In the
>interest of allowing this e-mail to go out efficiently I have not attached
>the documents. If you would like to get the documents - please ask. Thanks!
>
>Ken Fritsch
>
>
------- End of forwarded message -------