Talk:Defense Message System
A lot of the information in this article is false, at least in how it pertains to the USAF implementation. I would correct it, but I am unsure of what information I am permitted to disclose due to NDA. Cfpresley 16:34, 11 April 2006 (UTC)
What part is false? You can say what part is false without violating agreements, can't you?
I am a little confused; I didn't see anything about the USAF on this page.
No, I agree that this isn't entirely accurate, particularly the "security" concerns. Yes, it uses Outlook. However, DMS isn't given to any idiot. Though MS products are somewhat insecure (i.e. the page example of buffer overflows)... this has never happened or will ever happen in DMS operations.
DMS, in fact, is the most secure system that the DoD has ever used. 1024 bit encryption using a hard token (FORTEZZA) with all its layers of security truly put DoD's popular PKI and CAC security (which also uses MS products). This is exactly why 128 bit encrypted PKI that we use with CAC logins etc is named to be "medium grade" security while DMS is the SOLE product worthy of being called "High Grade" Security by the DoD.
Looking at 128 bits of encryption used by DoD today is easily broken. In fact, the first PKI message was broken 2 weeks upon its release. What about DMS? Never. Looking at 128 bits of encryption vs 1024 bits of encryption... you would be easily fooled into thinking that 1024 bits is approximately 10x stronger than 128 while in fact it is EXPONENTIALLY stronger. How is this? Because for every bit you add to the encryption, you DOUBLE the amount of possible keys to unlock your message.
The DMS main page on Wikipedia makes it appear as though DMS has some serious security flaws and yet, it is in fact the strongest we have ever used. Even riding the NIPRNET, we are assured of High Grade Assurance.
Considering that it's reported that so many military units are still using SMTP in the clear for actual SWA troop movements, even I can accept the popular 128 bit PKI system that DoD finds so attractive lately... it's better than SMTP in the clear. However, if we REALLY wanted secure email, we'd go back to using DMS exclusively just for the encryption level (not to mention the fact you need a FORTEZZA card).
What is the real reason that DMS isn't the standard? Because of 2 reasons: 1) the software was buggy for the first 4 years and Lockheed just did a horrible job with documentation. You had to really dig and dig to be a pro administrator. 2) You still have to spend at least 6 hard months with a current DMS competent SA before you'll be one yourself. And so we have mostly inept DMS administrators and the result becomes broken sites.
The future of DoD email security is leaning towards "user friendliness" and less on actual hard security. The proof is in the use of 128 bit CAC encrypted email and the abandonment of 1024 bit encryption altogether it seems.
Sadly, in a few years, 2048 will be necessary to consider being secure. 128 bits just won't even be a day's challenge.
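An added worked example, not from this talk page nor from any DMS or FORTEZZA documentation, of the key-space doubling the post above describes. It counts keys and expected exhaustive-search effort for a given key length, and runs a toy search against a constructed XOR cipher so the trial counts can be checked. The guess rate and the toy cipher are assumptions for illustration; the arithmetic applies to keys where every bit pattern is a valid key (symmetric keys), so public-key sizes such as RSA moduli are not directly comparable on this scale.

```python
# Added example: exponential key-space growth and exhaustive-search effort.
# Assumes every n-bit pattern is a valid key (symmetric-style key).
from typing import Tuple

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def key_space(bits: int) -> int:
    """Number of distinct keys of the given length: 2**bits."""
    return 2 ** bits


def expected_trials(bits: int) -> int:
    """Average guesses before an exhaustive search hits the key (half the space)."""
    return 2 ** (bits - 1)


def years_to_exhaust(bits: int, guesses_per_second: float) -> float:
    """Years needed to try every key at the given (assumed) guess rate."""
    return key_space(bits) / guesses_per_second / SECONDS_PER_YEAR


def toy_encrypt(key: int, block: int) -> int:
    """Constructed toy cipher for the demo only: XOR of key and block."""
    return key ^ block


def toy_exhaustive_search(bits: int, known_pt: int, known_ct: int) -> Tuple[int, int]:
    """Try every bits-long key in order until it maps known_pt to known_ct.

    Returns (key, trials). Worst case trials == key_space(bits); adding one bit
    to the key doubles that worst case.
    """
    trials = 0
    for candidate in range(key_space(bits)):
        trials += 1
        if toy_encrypt(candidate, known_pt) == known_ct:
            return candidate, trials
    raise ValueError("no key of that length maps known_pt to known_ct")


def doubling_table(lengths) -> dict:
    """Key-space size per length, to show each extra bit doubles the count."""
    return {n: key_space(n) for n in lengths}


if __name__ == "__main__":
    # Constructed sample: an 8-bit secret key and one known plaintext block.
    secret, known_pt = 0xA5, 0x3C
    known_ct = toy_encrypt(secret, known_pt)
    print("recovered key, trials:", toy_exhaustive_search(8, known_pt, known_ct))
    for n in (8, 9, 128, 129, 1024, 2048):
        print(f"{n:5d} bits -> {key_space(n)} keys")
    # Assumed rate of 1e18 guesses/second, purely to illustrate scale.
    print("years to exhaust 128-bit space at 1e18/s:", years_to_exhaust(128, 1e18))
```

The toy search finds the key in at most 256 tries for 8 bits and 512 for 9 bits; the same doubling continues to 128 bits, where even the assumed rate of a quintillion guesses per second leaves the search at well over a trillion years.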
_________________
Ok listen, USAF uses a separate system called AMHS, which I can't go into in more detail because I still in fact use the DMS system (I am a CAW operator, as a matter of fact). Therefore this information presented to you will not fall under any information you have dealt with. --Mark Orahoske 22:12, 10 July 2006 (UTC)
It's not just the USAF, the DoD is moving to AMHS which isn't all that special. In fact, we lose security with AMHS vs using DMS because the highest level of encryption is 128 bits, between the web browser and the AMHS servers.
I teach the CAW, I teach DMS, and I teach AMHS. DMS is/was the only bright future for DOD high grade assurance. There are many security holes in the AMHS system, the very reason it continues to fail DoD testing. Perhaps the mail should be encrypted on the servers rather than being in the clear. That would be a great start.
And so I agree with 2 entries above. DMS is and always was the correct way to go. AMHS, AUTODIN, and all other systems are too flawed and insecure. DMS is entirely secure.
The main article for this entry states that DMS is often used in conjunction with DMDS. The fact is, DMDS is a part of DMS, not a separate entity. It's also considered to be a part of a DMS Core package if you were to open a site.
AUTODIN is far from the answer and the main article is wrong here as well. DMS is the only system to never be broken or compromised. AUTODIN has 2 incidents. AMHS is insecure by design, the same reason it can't pass DOD requirements for the last 3 years (email storage in the clear being the biggest example.)