Re: Defense Messaging System Was: e-Government uses"Authority-stamp-signatures"

[Stephen Kent <kent@xxxxxxx>]

Title: Re: Defense Messaging System Was: e-Government uses "

At 11:16 AM +0100 12/21/02, Anders Rundgren wrote:

> Steve,
>  
> <snip>
> > This is not a
> > new concept in other environments, e.g., the US DoD Defense Message
> > System sends all official messages with signatures that represent
> > organizations, not individuals. The system was developed and initially
> > deployed starting in the early 90's, I believe.
> This is
> [good] news in my opinion, being an advocate for this kind of
> "architecture for secure inter-organization
> information-management". I was though unable to find
> any decent "rationale" type of paper.  To be
> complete, I would like to mention the pre-PKI systems currently
> performing maybe some 99% of all inter-organization
> "e-transactions", that practically all authenticate messages
> at the business partner (organization) level.  It is a bit
> puzzling that the PKI community in general seems to have a problem
> with this simple, time-proven, and efficient
> scheme.

I don't think the PKI community has a problem with this model, so long as it accurately reflects the underlying authorization scheme.

 In the case of the U.S. DoD DMS, the messages being exchanged are formal messages between organizations, not individuals. Certain individuals within an organization are designated as "release authorities" who determine what is sent as a message on behalf of an organization. Local means are employed to provide accountability for this function. Also, the DMS is the latest version of this messaging function, which was previously implemented as AUTODIN, so the formal mechanisms etc, were all worked out 30 years ago.

Steve