Anyone out there watching Fortezza's Doom unfold?

Fortezza was the US DoD's crypto (PCMCIA only?) smartcard, part of
the Capstone family introduced back with the original Clipper proposal for
non-classified DoD use and other US government applications -- and, for
a while, heavily promoted to the civilian US government agencies, as well as
to industry. Fortezza has Skipjack symmetric crypto (160 bit keys, I
think) as well as full public-key functionality, but it was designed to
complement the Clipper policy, so I recall it tossed off a LEAF escrow copy
of each session key to government-established secure "key warehouses" in
DoD, Commerce, and Treasury, maybe among other agencies.

I presume many of the prominent firewall vendors got involved,
since for a time it looked like this was going to be the authentication
device used by the US DoD, other federal government employees, and
contractors accessing federal systems. Fortezza is -- was? -- also
obviously a big deal for network and firewall administrators (and users) at
many US government agencies.

There are a lot of rumors buzzing around DC these days to the
effect that NSA and the Joint Chiefs have tossed in the towel and will,
within weeks, approve DoD purchases for non-Fortezza security systems, for
both strong authentication, and (I presume) more standard PKI. I
understand they have been briefing US.gov security staff and the
contractors who have been working on Fortezza apps.

I also understand that DoD is considering approving Fortezza in

I'm seeking some perspective on what happened and why. I'm
intrigued, but ill-informed. (Please feel free to correct anything above.)

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin @
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548