Security standards to merge

A group of information technology vendors last month announced plans to merge a commercial security standard for sending e-mail messages with one used primarily by the Defense Department - a move designed to encourage more federal agencies to use secure e-mail technology. Led by RSA Data Security Inc., nine vendors, including Microsoft Corp. and Netscape Communications Corp., plan to combine the Secure Multipurpose Internet Mail Extensions (S/MIME) protocol with the government's Message Security Protocol (MSP). The National Security Agency developed MSP primarily for use by DOD for sending secure e-mail over the Defense Message System.

Protocol Incompatibilities

But S/MIME, which is widely used by civilian agencies, and MSP are not compatible. As a result, if a DOD user sends a message to someone outside DOD, the message must first go through a gateway that interprets the message and strips it of security mechanisms before it is sent to the other user.

Merging the two protocols would allow civilian and military users to communicate with each other and would extend more sophisticated security features to current S/MIME users, according to vendor representatives who have joined with RSA. Those features include supporting the use of encryption and digital signatures, providing for documents to be identified according to their level of sensitivity, and allowing for handling complex security for large mailing lists.

In addition, the resulting standard would support various encryption algorithms, including DOD's customized algorithm or those more commonly used in commercial settings.

"What we're trying to do is work to develop a security specification to allow for e-mail to be both signed and encrypted easily and seamlessly," said Lynn McNulty, RSA's director of government affairs. "It says agencies can buy e-mail products that have a full set of security features that will allow them to interact" with commercial and other agency users.

While DOD's standard is needed for many high-end e-mail security applications, many government agencies require less stringent messaging security, said Frank Hecker, the lead systems engineer for Netscape's federal government sales group. Netscape products now support S/MIME with the RSA algorithm, and the company is working to support S/MIME used with DOD's Fortezza algorithm, he said.

"Netscape believes that commercial security e-mail standards such as S/MIME can meet many government requirements today," Hecker said. "There will always be the high-end government requirements for certain areas...that can only be met by government-designed technology. But for the majority of government applications, commercial messaging technology is here either today or will be there in the future."

J.G. Van Dyke and Associates, a Maryland-based software development firm that has worked with NSA to develop the uses of the MSP protocol for the government, is working to develop a reference implementation of the MSP-enhanced S/MIME security protocol. The resulting software library will let developers integrate the new S/MIME protocol into products.

RSA expects to release a prototype of the MSP-enhanced S/MIME protocol next year, with installation in 1999. Other vendors that have joined with RSA include Entrust Technologies Inc., Lotus Development Corp., SPYRUS, Worldtalk Corp. and VeriSign Inc.

