[Infowarrior] - Military industrial complex aims to revamp email

Richard Forno rforno at infowarrior.org
Sun Jan 20 04:16:13 UTC 2008 

Military industrial complex aims to revamp email
Trust but verify
By John Leyden → More by this author
Published Tuesday 15th January 2008 11:34 GMT
http://www.theregister.co.uk/2008/01/15/secure_email_spec/

A consortium of British and US military agencies and defense and aerospace
firms have agreed a new standard for secure email. Security experts are
watching the developments closely, but are unsure how much of the
specification will make it into public use or commercial email security
products.

The secure email specification from the The Transglobal Secure Collaboration
Program (TSCP) aims to address email's inherent identity and data
transmission security flaws. The specification covers a method for
authenticating users that creates a Public Key Infrastucture system that
could act as the backbone for other forms of electronic collaboration.

The requirements were defined and endorsed by the members of the TSCP: the
US Department of Defense (DoD), UK Ministry of Defence (MoD), BAE Systems,
Boeing, EADS, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls-Royce.

The US Defence Department intends to use the specification to protect
"controlled but unclassified information". The MoD also expects to deploy
the capability enterprise-wide in 2008 for classifications up to "UK
Restricted".

The TSCP implementation is based on TSCP-defined publicly available
specifications which organisations must follow to assign vetted identity
information to all email senders and recipients. The current implementation
was constructed with commercial-off-the-shelf (COTS) products, open source
software, and a commercial trusted third-party service, CertiPath. The
resulting digital certificate-based system ensures that information only
travels to and from trusted parties. The framework plugs into either Lotus
Notes or Outlook clients.

PKI has long been touted as the next big thing in information security. But
the difficulty of putting in such systems and integrating them with other
platfors has made the technology complicated and costly. Even though most
aspects of the TSCP approach are public, it's unclear how much impact the
approach will have in the wider world outside military organisations and
their contractors.

"I don't know how much of this will end up public. Certainly I'm interested.
And certainly email could use a major security overhaul," security guru
Bruce Schneier told El Reg. "People are abandoning the medium in favour of
others that are less spam-filled." ®

More information about the Infowarrior mailing list