8 August 1997
Source: Mail list cryptography@c2.net
See also the National Security Agency's MISSI site: http://www.nsa.gov:8080/programs/missi/
And the NSA's FORTEZZA site at: http://www.armadillo.huntsville.al.us/
To: cryptography@c2.net
Date: Thu, 7 Aug 1997 21:27:20 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
Subject: Fortezza 2.0 Cancellation

------- Start of forwarded message -------
>From: "Fritsch, Kenneth M." <kmfrits@missi.ncsc.mil>
[lengthy recipient list deleted]
>Subject: Fortezza 2.0 Cancellation
>Date: Thu, 07 Aug 97 09:43:00 EDT
>Encoding: 73 TEXT
>
>
> Thank you for your interest in the Fortezza 2.0 architecture! However,
>at this time the Fortezza 2.0 Architecture development effort has been
>cancelled by the National Security Agency, X2. Many factors contributed to
>the cancellation of the effort. I wanted to explain the situation to our
>industry partners for you to gain better insight of our current direction
>and provide you the reasoning for this change in direction. The viability of
>the architecture was not in question, only the Government's resources and
>direction were issues. The predominant deciding factors were:
>
>1. Our new corporate direction for network security, the commercialization
>strategy, was inconsistent with the direction taken in the Fortezza 2.0
>architecture work. We will now try to drive compatibility at the CAPI
>(Cryptographic Application Programmer's Interface) instead of the lower
>levels, namely the libraries, drivers, and card interfaces. We desire
>complete solutions where the developer of network products will select and
>maintain those interfaces independent of the CAPI level. The Fortezza 2.0
>architecture work was in the process of defining these lower levels.
>
>2. NSA can no longer afford to pay for the developments to drive the
>marketplace. We do not have a large enough market to substantially drive the
>commercial market. Also, with that in mind, we do not have the manpower or
>budget to see the Fortezza 2.0 architecture through to completion in the
>commercial market. Therefore, our resources have been redirected to other
>activities.
>
>3. With the use of commercial crypto for classified systems using a layered
>security approach, much of the applicability for the Fortezza 2.0
>architecture for the Type 1 market niche has been eliminated. We can not
>sufficiently address changes in the commercial market and our specific
>classified system needs are being addressed in these other non-traditional
>ways.
>
>4. Industry has already independently started to adopt pieces and principles
>of the Fortezza 2.0 architecture in the multi-application Fortezza cards and
>more specifically in the PC/SC (Personal Computer/Smart Card) standards.
>This seems to be the direction technology is taking - without our lead.
>
>The National Security Agency will now focus our efforts on interoperability,
>key management infrastructure support, and high level testing - to name a
>few related areas that will be stressed. The Fortezza 2.0 architecture team,
>however, performed valuable work which is still viable in today's commercial
>marketplace. I can provide the architecture documents to allow synergy to
>occur in the private sector with our industry partners. There were many good
>ideas in the architecture that we wanted to share with any interested party
>to help advance technology. The architecture had many desirable features to
>include:
>
> - Multiple non-cooperating applications
> - Multiple Users
> - Multiple Tokens (includes PCMCIA, Smartcard, Software)
> - Extensible functionality (Ability to add new algorithms, new key
>   management)
> - Fixed structured signalling
> - Improved performance over existing Fortezza architecture
> - Improved software architecture to allow independence of software
>   modules for easier upgrades.
> - Interoperability at the CAPI/CSP level.
>
> The output of the Fortezza 2.0 architecture is contained primarily in two
>documents, The ICD and the connection manager ICD. I will assume that you
>have received the output of the FACT team previously (Communications
>architecture, and software architecture). The ICD is about 85% complete and
>contains all of the information of the architecture details and the
>connection manager contains information that allows for sharing of resources
>for multiple applications/users/tokens. If you have any additional
>questions, please ask and I will do my best to provide answers. In the
>interest of allowing this e-mail to go out efficiently I have not attached the
>documents. If you would like to get the documents - please ask. Thanks!
>
>Ken Fritsch
>
>
------- End of forwarded message -------