Defense adds IP to the DMS mix
- By Gregory Slabodkin
- Jan 26, 1998
Defense previously based compliance on the X.400 and X.500 international standards. The
goal was to ensure all products would meet DOD's messaging and directory service
requirements. Besides X.400 and X.500 high-assurance products, the Defense Information
Systems Agency will add medium assurance messaging products based on secure, interoperable
commercial standards for Internet and World Wide Web services.
DISA officials said they want to keep DMS within mainstream commercial information
technology while ensuring that the Defense Department's new messaging system satisfies DOD
Among the Internet standards DISA is considering are the Simple Mail Transfer Protocol
(SMTP), Secure Multipurpose Internet Mail Extensions (S/MIME), Lightweight Directory
Access Protocol (LDAP) and Internet Messaging Access Protocol (IMAP).
"DOD is not big enough to drive the marketplace by itself. But in some areas, such
as security, because we have more experience, we can potentially sway the direction in
which industry is going. What we want to do is put a profile out there and let industry
comment on it," said Navy Capt. James Day, DMS program director.
Consistent with the recommendations of a 1996 Messaging Advisory Panel report, DISA is
working with the industry to set the minimum capabilities to meet its medium-assurance
requirements for DMS. DISA officials want to reach a consensus with industry early this
year, Day said.
DMS program officials are keeping tabs on a National Security Agency initiative to
merge RSA Data Security Inc.'s S/MIME Version 3.0 with J.G. Van Dyke Associates'
NSA-designed Message Security Protocol Version 4.0. S/MIME is the de facto commercial
standard for Internet e-mail security.
Initial specifications for augmenting S/MIME have been drafted by RSA of Redwood City,
Calif., and a DOD Internet Engineering Task Force working group to make it robust enough
to handle military requirements.
"We are pleased with the progress that RSA and the S/MIME workshop members have
made toward merging S/MIME and MSP," said John Nagengast, NSA's network security
"All users will benefit from reduced application costs and increased ease of use
inherent in agreement on a single protocol," Nagengast said.
J.G. Van Dyke Associates is providing MSP 4.0 reference code to enhance the S/MIME 3.0
protocol to make it functionally equivalent to MSP.
The Bethesda, Md., company is building a prototype of the new MSP-enhanced S/MIME
protocol for release later this year.
"DMS is certainly a driving application for these requirements, but anyone who
wants to have a higher level of security assurance is a candidate to use S/MIME 3.0. The
[DMS] official position right now is that MSP 4.0 has been accepted, and it's also the DMS
intent to support S/MIME 3.0," said Gary Van Dyke, the company's president.
Nevertheless, DMS officials are reserving judgment.
"NSA has worked closely with industry to make MSP 4.0 and S/MIME functionally
equivalent. But multivendor interoperable S/MIME products are not yet available. DMS
cannot adopt S/MIME for high assurance organizational messaging until secure interoperable
products are available, " Day said.
One DMS vendor, Microsoft Corp., likes what it sees so far, said Mitra Azizirad,
Microsoft Federal Systems' DMS product manager.
"I don't think protocols that are military-specific should be developed for future
DMS versions," she said. "If DMS' intent is to go along industry standards, then
they should be taking a good look at these protocols."
Last year a Joint Chiefs of Staff report recommended expanding DMS, which is built
around the X.400 message protocol, to a dual-protocol architecture that would include
The more inclusive architecture is being advocated as a more flexible implementation of
"We're certainly not abandoning X.400, but we do see industry taking a turn toward
SMTP and S/MIME," Azizirad said.
Another protocol DOD will incorporate into DMS is LDAP, a standard for accessing
directories over the Internet that has emerged as the premiere method for network
Because LDAP operates across a broader range of commercial products, it will open up
access to the DMS directory, DOD and industry officials said.
DMS 2.0a will be released later this year and will include support for LDAP in the
Directory Service Agent, the main directory component for DMS.
DISA does not plan to modify other high-assurance X.400 and X.500 DMS-compliant
products to make use of LDAP.