[email protected] (J.P.) writes:
> Maybe this gets their attention back? (hopefully few of the list usual
> readers also:)
>
> Been reading a bit on the subject, and one detail caught my eye...
> ... NSA is pushing ecliptic curves since 2009 as "the next best thing" (guess
> why;)
> (http://www.nsa.gov/business/programs/elliptic_curve.shtml)
>
> Now, what's that crypto that IBMers are always mentioning on the
> security conf. in Montpellier? ECC? :)

longer than that ... technical director in the Information Assurance Directorate had me give a talk in his assurance panel at IDF in trusted computing track ... gone 404 but lives on at wayback machine
http://web.archive.org/web/20011109072807/http://www.intel94.com/idf/spr2001/sessiondescription.asp?id=stp+s13

as well as come in to give a talk to the other technical directors in the information assurance directorate.

I was looking to get better than EAL4+ evaluation on a chip ... but NIST pulled the ECC evaluation criteria just before AADS chip strawman evaluation ... had to settle for EAL4+ because ECC was baked into the silicon of the chip. Since 90s, I was semi-facetiously saying I would take a $500 milspec chip, aggressively cost reduce it by 2-3 orders of magnitude (eventually under dollar) while improving security.

IA had presence in the X9 financial industry standards meetings ... and there were references to rifts between IA and SIGINT ... but for all I know that may have just been misdirection.

as an aside ... old reference to early jan92 meeting in ellison conference room
http://www.garlic.com/~lynn/95.html#13

part of our ha/cmp product ... some past posts
http://www.garlic.com/~lynn/subtopic.html#hacmp

end of jan92, cluster scaleup is transferred and we are told we can't work on anything with more than four processors ... significant contributor in decision to leave.

two of the other people mentioned in the Ellison meeting later leave to go to small silicon valley client/server startup. We are then brought in as consultants because they want to do payment transactions on their server, the startup had also invented this technology called "SSL" they want to use ... the result is now frequently called "electronic commerce".

we have to map SSL technology to payment transactions as well as establish a lot of security deployment and use requirements. almost immediately, several of the requirements were violated ... accounting for many of the exploits that continue to this day.

part of the work required developing something called "payment gateway" (interface between internet and payment networks that ecommerce servers interacted with) ... we've periodically claimed it was the original SOA ... some past posts
http://www.garlic.com/~lynn/subnetwork.html#payments

I was given final authority on everything between ecommerce servers and payment gateways ... but could only recommend operation between ecommerce servers and browser clients (partially accounting for dropping several security requirements).

--
virtualization experience starting Jan1968, online at home since Mar1970
