Well, I see that I started some interesting discussions. Let me try to answer
some of the questions - the answers are not complicated.
Phil Smith said:
> I can only speculate from here that it's either (a) a conservative approach, to keep mixed use
> from causing unsatisfactory performance for one camp or the other (e.g., a ton of SSL handshakes
> causes PIN operations to be slow, or vice versa)
That is exactly the reason. The System z architects were worried that
performance would be unpredictable when operations of the two types could
"steal" performance from each other.
Tony Harminc said:
> Which of course raises the questions of how well the card interfaces
> are documented, and whether the cards are available for other
> platforms.
The low-level interfaces to the cards are intentionally NOT publicly
documented. The reason for this is that those interfaces change from time to
time, typically when we come out with a new card. Thus, there would be a big
problem if customers coded to such an interface - they would be quite unhappy
when their stuff stopped working after IBM made changes. To solve that
problem, we define higher-level interfaces (like the CCA API) that we keep the
same from card to card.
The cards are definitely available on other platforms. They have always been
available on all IBM server families - for example, see
http://www-03.ibm.com/security/cryptocards/pciecc/overproduct.shtml where you
will find information saying the PCIe crypto card (4765, aka CEX3/CEX4S) is
available on System z (z/OS, Linux, others), Power servers (AIX, IBM i), and
System x servers (Linux, and Windows by special request).
Tony also mentioned this:
> Some years ago researchers at Ross Anderson's security lab at Cambridge mounted a
> successful attack on earlier IBM crypto APIs
Be careful to understand what they really found. Their attack was only
possible in unrealistic configurations in which any user was authorized to
invoke every API function possible with the crypto card - and in real-world
systems, access control is always used to block just such attacks. Prevention
of such attacks is precisely why there IS access control built in to all
systems using the crypto cards. As you may know, even after it was publicized,
there were never ANY actual cases where such an attack was used on live systems
- because it was impossible with any reasonably configured system. Regardless,
we did make some changes to prevent the attacks they noted.
Radoslaw Skorupka said:
> > ... and whether the cards are available for other platforms.
> Yes, obviously. There have been since first model (PCICC).
Actually, it goes back farther than that. Our first crypto card was the 4755,
in 1989. That card was supported on PCs, RISC 6000 AIX systems (predecessor to
System p and Power), and AS/400. In addition, we had a separate product, the
4753, which contained the 4755 card and channel-attached to mainframes running
MVS. (And yes, I worked on those - in addition to the research work that
preceded them. Thanks, Phil, for mentioning my history on this!)
Todd Arnold