Next Windows to work with Pentagon's PKI

Microsoft Corp. officials have agreed to alter the next- generation Windows operating system so that it will accommodate the existing digital certificate being used on Defense Department Common Access Cards.

The agreement will help the Pentagon avoid issuing new, application-specific digital certificates for millions of Common Access Cards, which are being issued with a generic public-key infrastructure identity certificate. The move could give the Pentagon an incentive to quickly migrate to the successor to the Windows 2000 operating system.

The Pentagon plans to issue Common Access Cards, also known as smart cards, to 3.2 million people by Sept. 30, 2002. When inserted in a PC Card reader, the cards give authorized users access to a network.

In mid-May, Micro.soft officials sent a letter to Mike Green, the program management officer for DOD public-key infrastructure, committing to the use of DOD's identity certificate for smart card log-ins under the next-generation Windows system, said Pat Arnold, Microsoft Federal's director of information assurance. The successor to Windows 2000, code-named Blackcomb, is expected to be released in "a couple of years," said Keith Hodson, a Microsoft spokesman.

DOD and Microsoft officials met with members of the Internet Engineering Task Force (IETF)—an international community of network designers, operators, vendors and researchers—in March to discuss the agreement, Arnold said. IETF was consulted because Microsoft is using PKINIT, an IETF- produced public-key cryptography, for initial authentication in Blackcomb, Arnold said.

"PKINIT is how you marry up key operations and Kerberos," he said. Kerberos is the Massachusetts Institute of Technology- developed secret-key cryptography that provides strong authentication between client and server.

The smart card log-in feature of Windows 2000—the system used on Navy Marine Corps Intranet PCs and servers—uses application-specific certificates, Green said. "What we told [Microsoft] is "That's not the way we designed the DOD certificate,' " he said.

Within the next two years, there could be thousands of PKI- enabled DOD applications, Green said. If Microsoft continues to make its PKI log-in application-specific, users might have to add digital certificates to their smart cards for every new application.

"If we let Microsoft do that, we know the next week someone else would want to do it," Green said. "We didn't want to get in that game." He called the agreement "a very good decision on both parts. A good compromise."

MORE INFO

What's in a Name?

The operating system being developed under the code name Blackcomb will

be the first that Microsoft Corp. releases as part of its .Net strategy,

which the company describes as a framework for the next generation of distributed

computing.

Whistler was the code name for the operating system that became Windows

XP, which is to be released this fall.

The names were derived from Whistler and Blackcomb mountains in Vancouver,

British Columbia, the site of a ski resort that is about a five-hour drive

from Redmond, Wash., the home of Microsoft.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.