Pentagon pursues compatible signatures

DOD Digital Signature Implementation Profile

Defense Department officials have issued more than 5 million smart cards with digital signature capabilities to identify employees and contractors. But incompatibility problems have forced them to consider an unusual step: requiring commercial desktop applications to be tailored to the Pentagon's unique identity management requirements.

In a special notice to vendors, members of the DOD Digital Signature Interoperability Team say they are seeking information on the practicality of having software application vendors deliver DOD-specific implementations of two commercially available digital signature standards.

Each standard permits numerous implementation choices, which create interoperability problems that DOD officials must now try overcome. The department’s interoperability team members made choices from available options in the standards to arrive at DOD-specific profiles for the Public-Key Cryptography Standard (PKCS) #7 and the Extensible Markup Language Digital Signature Standard (XML Dsig).

Web browsers and document-processing software are the primary commercial applications that would be affected if DOD officials were to ask vendors to conform to DOD’s profiles for PKCS #7 and XML Dsig in future procurements.

"It is our intent to require all applicable desktop applications to implement PKCS #7 and XML Dsig in accordance with these profiles for all future and potentially current product releases," according to the notice published on the FedBizOpps Web site.