Talk:Defense Message System
A lot of the information in this article is false, at least in how it pertains to the USAF implementation. I would correct it, but I am unsure of what information I am permitted to disclose due to NDA. Cfpresley 16:34, 11 April 2006 (UTC)
What part is false? You can say what part is false without violating agreements, can't you?
I am a little confused; I didn't see anything about the USAF on this page.
No, I agree that this isn't entirely accurate, particularly the "security" concerns. Yes, it uses Outlook. However, DMS isn't given to any idiot. Though MS products are somewhat insecure (i.e. the page's example of buffer overflows), this has never happened and will never happen in DMS operations.
DMS, in fact, is the most secure system that the DoD has ever used. 1024-bit encryption using a hard token (FORTEZZA) with all its layers of security truly put DoD's popular PKI and CAC security (which also uses MS products). This is exactly why the 128-bit encrypted PKI that we use with CAC logins etc. is named "medium grade" security, while DMS is the SOLE product worthy of being called "High Grade" security by the DoD.
The 128-bit encryption used by DoD today is easily broken. In fact, the first PKI message was broken within 2 weeks of its release. What about DMS? Never. Looking at 128 bits of encryption vs. 1024 bits of encryption, you would be easily fooled into thinking that 1024 bits is approximately 10x stronger than 128, while in fact it is EXPONENTIALLY stronger. How is this? Because for every bit you add to the encryption, you DOUBLE the number of possible keys to unlock your message.
The DMS main page on Wikipedia makes it appear as though DMS has some serious security flaws and yet, it is in fact the strongest we have ever used. Even riding the NIPRNET, we are assured of High Grade Assurance.
Considering that it's reported that so many military units are still using SMTP in the clear for actual SWA troop movements, even I can accept the popular 128 bit PKI system that DoD finds so attractive lately... it's better than SMTP in the clear. However, if we REALLY wanted secure email, we'd go back to using DMS exclusively just for the encryption level (not to mention the fact you need a FORTEZZA card).
What is the real reason that DMS isn't the standard? There are 2 reasons: 1) the software was buggy for the first 4 years, and Lockheed just did a horrible job with documentation. You had to really dig and dig to be a pro administrator. 2) You still have to spend at least 6 hard months with a competent current DMS SA before you'll be one yourself. And so we have mostly inept DMS administrators, and the result becomes broken sites.
The future of DoD email security is leaning towards "user friendliness" and less on actual hard security. The proof is in the use of 128-bit CAC encrypted email and the abandonment of 1024-bit encryption altogether, it seems.
Sadly, in a few years, 2048 bits will be necessary to be considered secure. 128 bits just won't even be a day's challenge.