re: http://www.garlic.com/~lynn/2014e.tml#23 Is there any MF shop using AWS service?
TCP/IP Might Have Been Secure From the Start If Not For the NSA
http://beta.slashdot.org/story/200323

Note NSFNET backbone was precursor to modern internet (and cloud computing).
http://www.technologyreview.com/featuredstory/401444/grid-computing/

we had been working with various players and were supposed to get $20M to tie together the various NSF supercomputer sites. Then congress cuts the budget and some other things happen. Finally they come out with an RFP but internal politics prevent us from bidding. The director of NSF tries to help by writing the company a letter, but that just makes the internal politics worse (as do comments about what we already have running is at least 5yrs ahead of bid responses). Some old nsfnet related email
http://www.garlic.com/~lynn/lhwemail.html#nsfnet
posts mentioning NSFNET backbone
http://www.garlic.com/~lynn/subnetwork.html#nsfnet

We had project with T1 and faster speed links on the internal network .. some of the past posts
http://www.garlic.com/~lynn/subnetwork.html#internalnet

... one of the differences was that all internal links had to be encrypted ... which effectively required link encryptors. some old crypt related email
http://www.garlic.com/~lynn/lhwemail.html#crypto
includes some proposal for a PGP-like implementation in 1981.

One of the issues was that software DES for sustained full-duplex T1 would have required dedicating 100% of both processors of large mainframe 3081K. Now I didn't like what I had paid for T1 link encryptors and finding link encryptors faster than T1 was really hard ... so I got involved in doing our own; the design was to be able to handle several megabytes (not megabits) per second sustained and could be built for under $100. At first the corporate crypto product group claimed that it significantly reduced DES crypto strength. It took me 3 months to figure out how to explain to them what was going on and convince them it was significantly stronger than DES rather than significantly weaker.
However it was hollow victory, and I realized that there were three kinds of crypto 1) the kind they don't care about, 2) the kind you can't do, 3) the kind you can only do for them (I was told I could build as many as I wanted, but they would have to all be sent to an address in Maryland; and I couldn't use any of them).

Later (after we left), we were brought in as consultants to a small client/server startup that wanted to do payments on their server; they had developed this technology they called "SSL" they wanted to use, the result is now frequently called "electronic commerce". We had to map the technology to payment business process, audit/walk-thru these new businesses selling SSL digital certificates, and establish deployment requirements. Almost immediately webservers found that "SSL" cut their throughput 80-90% and they dropped back to just using "SSL" for checkout/payment.

Note, basic SSL assumption was that users understood the relationship between the webserver they wanted to talk to and the URL they typed in. The browser would then use SSL to validate that the webserver being talked to corresponded with the URL typed in. Both were needed for the webserver being talked to was the webserver the user thought they were talking to.

Webservers dropped back to only using SSL for checkout/payment. Now the URL the user typed in was no longer validated. Then payment URL was provided by clicked on button from the unvalidated webserver. The result was that now SSL established that the webserver being talked to was the webserver it claimed to be (but not necessarily the webserver the user thought it was).

--
virtualization experience starting Jan1968, online at home since Mar1970
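
The checkout handoff described in this post, as an added example that is not part of the original message: a Python audit check that lists the https links and form targets handed out by a page that was itself fetched without TLS, which is the point where the chain from the typed URL to the validated server breaks. The host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _Targets(HTMLParser):
    """Collects <a href> and <form action> targets from a page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.targets.append(("link", a["href"]))
        elif tag == "form" and a.get("action"):
            self.targets.append(("form", a["action"]))


def unanchored_tls_handoffs(page_url, html):
    """Return (kind, absolute_url) for every https target supplied by a non-TLS page.

    For each result, TLS can still confirm the target server is who it claims
    to be, but the URL naming that server came from an unauthenticated page.
    """
    if urlsplit(page_url).scheme == "https":
        return []  # page was delivered over TLS, so its links come from an authenticated server
    parser = _Targets()
    parser.feed(html)
    found = []
    for kind, ref in parser.targets:
        target = urljoin(page_url, ref)  # resolve relative references against the page
        if urlsplit(target).scheme == "https":
            found.append((kind, target))
    return found


# Constructed sample: a storefront page that only uses TLS for checkout/payment.
SAMPLE_PAGE = """<html><body>
<a href="/catalog">Catalog</a>
<a href="https://pay.shop.example/checkout">Checkout</a>
<form action="https://pay.shop.example/card" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, target in unanchored_tls_handoffs("http://shop.example/", SAMPLE_PAGE):
        print(kind, target)
```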
