Re: NCipher Takes Hardware Security To Network Level

2003-10-16 Thread Peter Gutmann
Jerrold Leichter [EMAIL PROTECTED] writes:

There was also an effort in England that produced a verified chip.  Quite
impressive, actually - but I don't know if anyone actually wanted the chip
they (designed and) verified.

The Viper.  Because it needed to be formally verifiable, they had to leave out
most of the things that people are used to in modern CPUs and that make
writing an OS easy, leading to a vaguely early-60s level of CPU architecture
that probably would have been unpleasant to program for for anyone used to
modern CPUs, and requiring expensive custom development of almost everything
from scratch (you can't run Linux on that one).  Eventually the project went
into a meltdown over what was actually done (for example is verifying a set of
4-bit slices the same as verifying a 32-bit CPU?) and the legal battles lead
to the demise of the company that was to exploit it commercially (there's a
lot more to it than that including a fair bit of politics, that's a cut-down
version to save space).

Very few real efforts were made to actually produce a provably correct OS.

There were actually quite a few efforts, starting in the 1970s, some of which
went on much longer than the 9-year VAX VMM effort.  PSOS - SAT - LOCK -
SMG (it may be called something else again now) has been going for about 25
years.  However, this is a really complex topic (way too much to cover here),
so I'll cheat a bit and refer anyone who's really that interested in the
problems that people ran into to Chapter 4 of Cryptographic Security
Architecture Design and Verification to save me having to paraphrase 40 pages
of text here.

The point of my post wasn't to start yet another round of formal-methods
bashing, but to point to an example of measuring what we know how to measure
even if there are strong indicators that this isn't the best way to do it.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-15 Thread Anton Stiglic

- Original Message - 
From: Ian Grigg [EMAIL PROTECTED]

 * In contrast, someone who knows little about cars,
 can objectively evaluate a car.  They can take it
 for a test drive and see if it feels right.  Using
 it is proving it.

I'm not totally convinced of this...  Someone with little knowledge about
cars might see the difference between a KIA and a Mercedes in one test
drive, but I would think that most affordable cars seem to drive the same
in a simple test drive (at least from my experience).  But what
a person will do is talk to his friends and get feedback, he'll learn that
some type of cars have a bad reputation and others seem to be good.
This is also done in security, take for example host security modules used
by banks, most banks make their choice  based on the vendors reputation.
Unfortunately this choice is often influenced by publicity (and the more a
certain company sells, the more money it makes, the more publicity it can
afford, the more it will sell, even if their product is not the best).

There is a marketing rule that state that there is one product that
dominates
its field in every category and gets about 80% of all sells, then there are
1-3
other products that battle for second place, all others get almost nothing.
(example for cola Coke is number 1, with Pepsi
coming second).  I don't think security products make an exception to
this.

Another way people choose products is if they are recommended.  For
example, I buy a certain toothpaste because it is recognized by the
Canadian dental association.  This is a sort of certification.  There are
certainly other example of products in everyday life that get this type
of certification that influence people's choices.  Of course, publicity
also has some degree of influence here as well.

There are no official security associations recognized by the government
that include most of the security experts we know, rather what exists is
certain standards that the government itself decides upon and are used
(FIPS 140, CC).  This lack of an independent security association to
which any security expert can become a member of is maybe the root
of the problem?

--Anton

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-13 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes:

But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security? For the moment, FIPS 140 and CC
type certifications seem to be the only means for these people...

Yeah, it's largely a case of looking where the light is.  An extreme example
of this is the use of formal methods for high-assurance systems, as required
by FIPS 140-2 level 4.  Why is it in there?  Because FIPS 140-1 had it there
at the highest levels.  Why was it in there?  Because the CC has it in there
at the highest levels.  Why was it in there?  Because the ITSEC had it in
there at the highest levels.  Why was it in there?  Because the Orange Book
('85) had it in there at the highest levels.  Why was it in there?  Because
the proto-Orange Book ('83) had it in there at the highest levels.  Why was it
in there?  Because in the 1970s some mathematicians hypothesised that it might
be possible to prove properties of complex programs/systems in the same way
that they proved basic mathematical theorems.

(Aside: This is starting to sound like that apocryphal Why are railway tracks
 spaced X units apart saga).

To continue: At what point in that progression did people realise that this
wasn't a very practical way to build a secure system?  Some time in the late
1970s to early 1980s, when they actually tried to reduce the theory into
practice.  There were quite a number of papers being published even before the
first proto-Orange Book appeared which indicated that this approach was going
to be extremely problematic, with problems... well, insert the standard
shopping list here.

So why is this stuff still present in the very latest certification
requirements?  Because we're measuring what we know how to measure, whether it
makes sense to evaluate security in that way or not.  This is probably why
penetrate-and-patch is still the most widely-used approach to securing
systems.  Maybe the solution to the problem is to figure out how to make
penetrate-and-patch more rigorous and effective...

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-13 Thread Anne Lynn Wheeler
At 10:22 PM 10/13/2003 +1300, Peter Gutmann wrote:
So why is this stuff still present in the very latest certification
requirements?  Because we're measuring what we know how to measure, whether it
makes sense to evaluate security in that way or not.  This is probably why
penetrate-and-patch is still the most widely-used approach to securing
systems.  Maybe the solution to the problem is to figure out how to make
penetrate-and-patch more rigorous and effective...
I would contend that the penetrate-and-patch model is because the original 
base was not designed for 7x24, fully interconnected environment. some 
slightly related comments on the subject:
http://www.garlic.com/~lynn/2003n.html#14 Poor People's OS

The air force found none of the problems in the studied infrastructure:
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from 
the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#43 another 30 year thing
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from 
the Multics Security Evaluation
http://www.garlic.com/~lynn/2003i.html#59 grey-haired assembler programmers 
(Ritchie's C)
http://www.garlic.com/~lynn/2003j.html#4 A Dark Day

the contention is that the system was designed to handle the circumstances. 
The currently common distributed software was not originally designed to 
handle this kind of situation  and repeatedly it has been demonstrated 
for assurance to work well  it has to be designed in from the start 
 not added on afterward.

At various times, we had polite competition since the worked referenced in 
the air force study was done on the 5th floor of 545 tech. sq ... and I was 
on the 4th floor ... also working on what was considered a secure (but 
totally different) system.
http://www.garlic.com/~lynn/subtopic.html#545tech

There were issues about unfair comparison since at the time of the 
following  the totally number of systems ever existing for the 5th 
floor system was something over one hundred. The total number of just 
internal corporate machines running the 4th floor system was in the 
thousands and the number of customer machines were low tens of thousands. 
So we just had light hearted competition with regard to just code I wrote 
 and the number of (internal) machines that I directly provided systems 
for (something over a hundred ... comparable to the total number of 5th 
floor systems).

The following reference was the system that the air force data center in 
the pentagon was running was getting old ... and they were looking at newer 
hardware, in this case initially twenty newer machines, each with about the 
same MIP rate of the aging machine running the 5th floor system. As 
referenced, this then turned into 210 such machines:
http://www.garlic.com/~lynn/2001m.html#15 departmental servers

--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-13 Thread Joseph Ashwood
- Original Message - 
From: Ian Grigg [EMAIL PROTECTED]
Sent: Saturday, October 11, 2003 1:22 PM
Subject: Re: NCipher Takes Hardware Security To Network Level

 Is there any reason to believe that people who
 know nothing about security can actually evaluate
 questions about security?

Actually, there are reasons to believe that they won't be able to, just as I
would not be qualified to evaluate the functionality of a sewage pump
(except from the perspective of it seems to work).

 And, independant assessors are generally subvertable
 by special interests (mostly, the large incumbents
 encourage independant assessors to raise barriers
 to keep out low cost providers).  Hence, Peter's
 points.  This is a very normal economic pattern, in
 fact, it is the expected result.

I take the counter view, assuming that a independent assessor can be found
that is truly independent, that assessor helps the small companies _more_
than the larger ones. To make a pointed example I will use a current
situation (which I am active in).

Trust Laboratories is a software assurance firm, whose first service is the
assurance of PKCS #11 modules. From the marketting perspective the large
incumbents (e.g. nCipher which started this conversation) have little
incentive to seek such assurances, they already have a solid lock on the
market, and the brand recognition to keep it that way. The small companies
though have a much stronger incentive, with an assurance they can hint and
in some cases maybe even outright claim technological superiority over the
encumbents, giving them a strong road into the market. The only purpose the
encumbents have for such assurances is combatting the small companies
assurances (not that I wouldn't love to have nCipher as a customer, I think
it would lend a great deal of credibility to the assurance, as well as
solidifying their marketshare against the under-developed technologies).

 So, right now, I'd say the answer to that question
 is that there is no way for someone who knows nothing
 about security to objectively evaluate a security
 product.

That will likely always be the case. In order to judge what level of
security is required they simply must have some knowledge of security.
Otherwise it is very much like asking John Smith what Ian Grigg's favorite
food is, (a typical) John Smith simply does not have the knowledge to give a
useful answer.
Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Anton Stiglic

- Original Message - 
From: Peter Gutmann [EMAIL PROTECTED]
 [...]

 The problem is
 that what we really need to be able to evaluate is how committed a vendor
is
 to creating a truly secure product.
 [...]

I agree 100% with what you said.  Your 3 group classification seems
accurate.
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security?
For the moment, FIPS 140 and CC type certifications seem to be the only
means
for these people...  Unfortunately these are still to general and don't
always give
you an accurate measurement of how dedicated to security the vendor was...
This seems to be a big open-problem in practical security!

--Anton

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Ian Grigg
Anton Stiglic wrote:
 
 - Original Message -
 From: Peter Gutmann [EMAIL PROTECTED]
  [...]
 
  The problem is
  that what we really need to be able to evaluate is how committed a vendor
 is
  to creating a truly secure product.
  [...]
 
 I agree 100% with what you said.  Your 3 group classification seems
 accurate.
 But the problem is how can people who know nothing about security evaluate
 which vendor is most committed to security?


(I am guessing you mean, in some sort of objective sense.)

Is there any reason to believe that people who
know nothing about security can actually evaluate
questions about security?

It's often been said that security is an inverted
product.  (I'm scratching to think of the proper
economic term here.)

That is, with security, you can measure easily when
it is letting the good stuff through, but you don't
know when and if and how well it is stopping the bad
stuff *.

The classical answer to difficult to evaluate
products is to concentrate on brand, or independant
assessors.  But, brands are based on revenues, not
on the underlying product.  Hence widespread confusion
as to whether Microsoft delivers secure product - the
brand gets in the way of any objective assessment.

And, independant assessors are generally subvertable
by special interests (mostly, the large incumbents
encourage independant assessors to raise barriers
to keep out low cost providers).  Hence, Peter's
points.  This is a very normal economic pattern, in
fact, it is the expected result.

So, right now, I'd say the answer to that question
is that there is no way for someone who knows nothing
about security to objectively evaluate a security
product.

iang

* In contrast, someone who knows little about cars,
can objectively evaluate a car.  They can take it
for a test drive and see if it feels right.  Using
it is proving it.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-08 Thread Peter Gutmann
I wrote:

Peter (I define myself to be A BIT CYNICAL about all this).

Since it could appear that I'm gratuitously bashing FIPS 140 (or certification
processes in general) here, I should clarify: As with all attempts at one-
size-fits-all solutions, one size doesn't quite fit all.  You can break the
people getting the certification down into three classes:

  Group 1: Vendors who really care about security, and go well beyond the FIPS
140 requirements anyway.

  Group 2: Vendors who are generally interested in security, and will polish
up their product to meet the FIPS 140 requirements.

  Group 3: Vendors who want government contracts and see getting to their goal
as being a penetration exercise on the certification process.

Over time, the certification has been moving from being a value-add performed
only by vendors who really care to being a You must be at least this high to
ride the government-contract gravy train ticket check.  During this
progression, group 1 membership has remained more or less constant (they've
been building secure products for years, with or without the certification),
group 2 has grown slowly (mostly for hardware vendors doing level 2-3 stuff),
and everything else sort of ends up in group 3 (no-one wants to miss the gravy
train).

Of the three groups, only group 2 really benefit from the certification
requirements.  Group 1 is frequently hindered by them because the vendors'
security systems and models are far more sophisticated than the FIPS 140 ones,
but to get your certification you have to show that it's only at the FIPS 140
level (this situation is a bit like the short story that's been circulating
for some years in which systems engineers lobotomise a HAL 9000 so that it can
run COBOL and JCL as the market requires).  Group 3 just sees it as a
paperwork-production exercise, shipping exactly the same product as before,
only now they're allowed to sell it to government departments.  The problem is
that what we really need to be able to evaluate is how committed a vendor is
to creating a truly secure product.  Saying You won't get government
contracts until you can fill in the checkboxes seems to be providing entirely
the wrong motivation.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-07 Thread Perry E. Metzger

I was asked by someone to anonymously forward the following reply to
Joshua Hill to the list. (Second time in a week, and on the same topic!)

If you reply, please don't put my name in the reply -- this isn't my
comment.

--

  The government will still buy your encryption devices (FIPS-140
  certified)

 That will greatly depend on the sophistication of the agency concerned.
 The US Forest Service (for example) may not have the level understanding
 of the FIPS 140-2 standard that the US Navy has.

The last time we delt with the Navy, they barely knew what FIPS
140 was, weren't aware there were multiple levels, and when
informed of this had no idea what level they should be using. All
they were interested in was checking the box that said Must be
FIPS certified.

--

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-07 Thread Anton Stiglic

- Original Message - 
From: Peter Gutmann [EMAIL PROTECTED]
 [...]
 If you think that's scary, look at Microsoft's CryptoAPI for Windows XP
FIPS
 140 certification.  As with physical security certifications like BS 7799,
you
 start by defining your security perimeter, defining everything inside it
to be
 SECURE, and ignoring everything outside it.  Microsoft defined their
perimeter
 as the case of the PC.  Everything inside the PC is defined to be
SECURE.
 Everything outside is ignored.

I believe that is typical of most software crypto modules that are FIPS 140
certified, isn't it?
It classifies the module as multi-chip standalone.

This is why you get requirements of the type that it should run on Windows
in
single-user mode, which I take to mean have only an admin account.  This
prevents
privilege escalation attacks (regular user to root) that are easily done.

I think this is reasonable, since you really are relying on the OS and the
PC for the
security of the module.

More scary to me is stuff like
DSSENH does not provide persistent storage of keys.  While it is possible
to
store keys in the file system, this functionality is outside the scope of
this validation.

This is where Microsoft's CSPs do the dirty work, and use what is called
the Data Protection API (DPAPI) to somehow safeguard keys somewhere
in your system.

--Anton

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-07 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes:

This is why you get requirements of the type that it should run on Windows in
single-user mode, which I take to mean have only an admin account.  This
prevents privilege escalation attacks (regular user to root) that are easily
done.

I think this is reasonable, since you really are relying on the OS and the PC
for the security of the module.

Uhh, so you're avoiding privilege escalation attacks by having everyone run as
root, from which you couldn't escalate if you wanted to.  This doesn't strike
me as a very secure way to do things (and it would still get MSDOS certified,
because you've now turned your machine into a DOS box protection-wise).

More scary to me is stuff like DSSENH does not provide persistent storage of
keys.  While it is possible to store keys in the file system, this
functionality is outside the scope of this validation.

That's the Define the bits that we can easily get away with to be secure and
ignore the rest approach that I commented on.  It was actually part of a
posting to another list where I was poking fun at BS 7799:

-- Snip --

Some years ago I witnessed a BS 7799 security certification being done.  For
those of you who aren't familiar with this, it's ISO 9000 for security.  It
went something like this:

  First, we define the region from the rug in the corner to Dave's desk to the
  pot-plant on the right to be... SECURE.  Everything inside this region is by
  definition SECURE.  Everything outside the region is none of our concern.
  Access to the server room from the SECURE area is by locked door.  The keys
  are on a hook on the wall, but since the hook is outside the SECURE area, we
  don't have to worry about that.

  Now we need to produce a lot of paperwork.  I'll help you with this, it
  should only take a few weeks.

  Congratulations, you now have a BS 7799-certified SECURE facility.  Here's
  my bill.

In other words they didn't change anything at all in their insecure (except in
the eyes of BS 7799) work area.  The whole certification process was an
exercise in meeting the certification requirements purely through the
production of paperwork.

-- Snip --

The SECURE facility has since been decomissioned, so I guess it's safe to talk
about it now.  Incidentally, almost everyone knew where the key was because
the room in question had the best air-conditioning in the building (it was
packed full of servers and networking gear), so it became quite popular in the
summer with the sysadmins, who'd find various reasons to do extended amounts
of work in there.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-07 Thread Anton Stiglic

- Original Message - 
From: Peter Gutmann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 11:07 AM
Subject: Re: NCipher Takes Hardware Security To Network Level


 Anton Stiglic [EMAIL PROTECTED] writes:

 This is why you get requirements of the type that it should run on
Windows in
 single-user mode, which I take to mean have only an admin account.  This
 prevents privilege escalation attacks (regular user to root) that are
easily
 done.
 
 I think this is reasonable, since you really are relying on the OS and
the PC
 for the security of the module.

 Uhh, so you're avoiding privilege escalation attacks by having everyone
run as
 root, from which you couldn't escalate if you wanted to.  This doesn't
strike
 me as a very secure way to do things (and it would still get MSDOS
certified,
 because you've now turned your machine into a DOS box protection-wise).

Did you read the security policy of Netscape Security Module?  Basically,
if you want to get the configuration that is FIPS 140 certified, you need
to install the module on a PC and add tamper resistant seals over
appropriate
interfaces, junctions and fasteners of all doors and covers in the enclosure
of the PC, so that you can't open the cover without the fact being
physically
noticeable.  I suggest adding some duct tape in strategic positions for
additional
security :).

By reasonable I mean in the framework of having a general purpose software
cryptographic library be certified FIPS.  I'm not saying I find this secure.
When I see a software library being certified FIPS 140, I say to myself it
must
implement the cryptographic algorithms in a descent way, has a descent
random number generator, and stuff like that.  I don`t care much about the
physical boundary that they artificially determine.

If I want high security, I will go with hardware.  At the end of the line,
what
you want to protect is your secret keys, and if you don't have a tamper
resistant
hardware (that zeroizes your secrets when someone tries to poke at it)
to do that it is difficult if not impossible.

--Anton


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


NCipher Takes Hardware Security To Network Level

2003-10-06 Thread R. A. Hettinga
http://www.crn.com/Components/printArticle.asp?ArticleID=44909


CRN --
Print This Article


NCipher Takes Hardware Security To Network Level 


By
Charlene O'Hanlon 
CRN 

9:35 AM EST Mon., Oct. 06, 2003 

NCipher Monday
unveiled a network-level version of its nShield Hardware Security Module, a
device that sits in front of a server and holds all of the cryptographic
information that would otherwise be housed in the server, said Richard
Moulds, vice president of marketing at nCipher. 

The device offers a
higher level of security protection, said Moulds. All of the cryptography
that would have been on the server moves to our box, and an SSL connection
goes into the box separate from the server so even if a hacker broke into
the server, he couldn't get to the cryptography on the box, he said.


NetHSM, in contrast, sits on a network and offers multiple servers the
same level of cryptography protection that before was offered only to one
server per box. 

Before, one HSM per server was a relatively expensive
proposition and, frankly, it was not the easiest thing to manage because of
the high level of security, Moulds said. NetHSM is cheaper because
companies aren't buying one box per server anymore; it's easier to manage;
and it works with a virtually unlimited number of servers because it is
four times faster than the fastest HSM. 

NetHSM offers full FIPS 140-2
Level 3 validation. The nature of NetHSM makes it a good fit for companies
in need of extreme security, such as SSL and Web services, PKI and
certificate services, 3-D secure and online payment processing, XML and
document signing services and secure appliance solutions, according to the
company. 

Moulds hopes NetHSM will open the door to systems integrators
and consultants who previously had not considered entering the security
realm. This is something they can get their heads around; it's a way to
add security without having to fool around with boxes, he said. 

NetHSM,
available Monday, lists for $30,000, which includes one server connection.
Additional server connections are $5,000 each. That compares to the cost of
nShield HSM, which lists for $5,000 to $25,000 depending on functionality.



-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-06 Thread R. A. Hettinga

--- begin forwarded text


Status:  U
Date: Mon, 06 Oct 2003 12:40:41 -0400
From: Somebody
To: R. A. Hettinga [EMAIL PROTECTED]
Subject: Re: NCipher Takes Hardware Security To Network Level

Don't identify me, since I'm not sure what parts of my NDA are still in 
force now that they've announced it.

It's really pretty clever.  All the expensive key-management is moved 
off to their centralized server.  As each low-cost HSM (the things that 
go into your server) comes up, it sends its card identity to the 
server.  The server responds with the necessary keys, sent in 3DES 
(maybe AES?  I forget details).  Their cards can now be fairly simple 
accelerators, and need less key protection, less NVRAM, etc.

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NCipher Takes Hardware Security To Network Level

2003-10-06 Thread Joshua Hill

 In fact, if you're clever, you can manage to not trouble yourself to get
 the key-management, etc. certified, getting only the simple, symmetric-cipher
 stuff run through the process.  

You can, but that doesn't mean that it's ok.

Key management is explicitly covered under FIPS 140-2.  If you have an
underlying FIPS 140-2 module doing the basic low level crypto, and then
have (crypto based) key management performed outside the module boundary,
the larger system is not a FIPS 140-2 module, FIPS 140-2 compliant, or
appropriate for the protection of sensitive but unclassified information
within a federal agency without a separate FIPS 140-2 validation of the
larger module.

 The government will still buy your encryption devices (FIPS-140
 certified)

That will greatly depend on the sophistication of the agency concerned.
The US Forest Service (for example) may not have the level understanding
of the FIPS 140-2 standard that the US Navy has.

Josh

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]