Next Windows to work with Pentagon's PKI

Microsoft Corp. officials have agreed to alter the next-generation Windows operating system so that it will accommodate the existing digital certificate being used on Defense Department Common Access Cards.

The agreement will help the Pentagon avoid issuing new, application-specific digital certificates for millions of Common Access Cards, which are being issued with a generic public-key infrastructure identity certificate. The move could give the Pentagon an incentive to quickly migrate to the successor to the Windows 2000 operating system.

The Pentagon plans to issue Common Access Cards, also known as smart cards, to 3.2 million people by Sept. 30, 2002. When inserted in a PC Card reader, the cards give authorized users access to a network.

In mid-May, Microsoft officials sent a letter to Mike Green, the program management officer for DOD public-key infrastructure, committing to the use of DOD's identity certificate for smart card log-ins under the next-generation Windows system, said Pat Arnold, Microsoft Federal's director of information assurance. The successor to Windows 2000, code-named Blackcomb, is expected to be released in "a couple of years," said Keith Hodson, a Microsoft spokesman.

DOD and Microsoft officials met with members of the Internet Engineering Task Force (IETF)—an international community of network designers, operators, vendors and researchers—in March to discuss the agreement, Arnold said. IETF was consulted because Microsoft is using PKINIT, an IETF-produced public-key cryptography, for initial authentication in Blackcomb, Arnold said.

"PKINIT is how you marry up key operations and Kerberos," he said. Kerberos is the Massachusetts Institute of Technology-developed secret-key cryptography that provides strong authentication between client and server.

The smart card log-in feature of Windows 2000—the system used on Navy Marine Corps Intranet PCs and servers—uses application-specific certificates, Green said. "What we told [Microsoft] is 'That's not the way we designed the DOD certificate,' " he said.

Within the next two years, there could be thousands of PKI-enabled DOD applications, Green said. If Microsoft continues to make its PKI log-in application-specific, users might have to add digital certificates to their smart cards for every new application.

"If we let Microsoft do that, we know the next week someone else would want to do it," Green said. "We didn't want to get in that game." He called the agreement "a very good decision on both parts. A good compromise."


What's in a Name?

The operating system being developed under the code name Blackcomb will be the first that Microsoft Corp. releases as part of its .Net strategy, which the company describes as a framework for the next generation of distributed

Whistler was the code name for the operating system that became Windows XP, which is to be released this fall.

The names were derived from Whistler and Blackcomb mountains in Vancouver, British Columbia, the site of a ski resort that is about a five-hour drive from Redmond, Wash., the home of Microsoft.

