Next Windows to work with Pentagon's PKI

Microsoft Corp. officials have agreed to alter the next-generation Windows operating system so that it will accommodate the existing digital certificate being used on Defense Department Common Access Cards.

The agreement will help the Pentagon avoid issuing new, application-specific digital certificates for millions of Common Access Cards, which are being issued with a generic public-key infrastructure identity certificate. The move could give the Pentagon an incentive to quickly migrate to the successor to the Windows 2000 operating system.

The Pentagon plans to issue Common Access Cards, also known as smart cards, to 3.2 million people by Sept. 30, 2002. When inserted in a PC Card reader, the cards give authorized users access to a network.

In mid-May, Microsoft officials sent a letter to Mike Green, the program management officer for DOD public-key infrastructure, committing to the use of DOD's identity certificate for smart card log-ins under the next-generation Windows system, said Pat Arnold, Microsoft Federal's director of information assurance. The successor to Windows 2000, code-named Blackcomb, is expected to be released in "a couple of years," said Keith Hodson, a Microsoft spokesman.

DOD and Microsoft officials met with members of the Internet Engineering Task Force (IETF)—an international community of network designers, operators, vendors and researchers—in March to discuss the agreement, Arnold said. IETF was consulted because Microsoft is using PKINIT, an IETF-produced public-key cryptography protocol for initial authentication, in Blackcomb, Arnold said.

"PKINIT is how you marry up key operations and Kerberos," he said. Kerberos is the Massachusetts Institute of Technology-developed secret-key cryptography that provides strong authentication between client and server.

The smart card log-in feature of Windows 2000—the system used on Navy Marine Corps Intranet PCs and servers—uses application-specific certificates, Green said. "What we told [Microsoft] is 'That's not the way we designed the DOD certificate,'" he said.

Within the next two years, there could be thousands of PKI-enabled DOD applications, Green said. If Microsoft continues to make its PKI log-in application-specific, users might have to add digital certificates to their smart cards for every new application.

"If we let Microsoft do that, we know the next week someone else would want to do it," Green said. "We didn't want to get in that game." He called the agreement "a very good decision on both parts. A good compromise."


What's in a Name?

The operating system being developed under the code name Blackcomb will be the first that Microsoft Corp. releases as part of its .Net strategy, which the company describes as a framework for the next generation of distributed

Whistler was the code name for the operating system that became Windows XP, which is to be released this fall.

The names were derived from Whistler and Blackcomb mountains in Vancouver, British Columbia, the site of a ski resort that is about a five-hour drive from Redmond, Wash., the home of Microsoft.
