Pentagon pursues compatible signatures

DOD Digital Signature Implementation Profile

Defense Department officials have issued more than 5 million smart cards with digital signature capabilities to identify employees and contractors. But incompatibility problems have forced them to consider an unusual step: requiring commercial desktop applications to be tailored to the Pentagon's unique identity management requirements.

In a special notice to vendors, members of the DOD Digital Signature Interoperability Team say they are seeking information on the practicality of having software application vendors deliver DOD-specific implementations of two commercially available digital signature standards.

Each standard permits numerous implementation choices, which create interoperability problems that DOD officials must now try overcome. The department’s interoperability team members made choices from available options in the standards to arrive at DOD-specific profiles for the Public-Key Cryptography Standard (PKCS) #7 and the Extensible Markup Language Digital Signature Standard (XML Dsig).

Web browsers and document-processing software are the primary commercial applications that would be affected if DOD officials were to ask vendors to conform to DOD’s profiles for PKCS #7 and XML Dsig in future procurements.

"It is our intent to require all applicable desktop applications to implement PKCS #7 and XML Dsig in accordance with these profiles for all future and potentially current product releases," according to the notice published on the FedBizOpps Web site.

Featured

  • Congress
    tech budget

    TMF set to receive $1B infusion in COVID relief bill

    Former federal IT leaders told FCW that the boost for the Technology Modernization Fund is welcome, but the big money may necessitate process changes.

  • People
    2021 Federal 100 Awards

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

Stay Connected