<div dir="ltr">On Fri, Jan 5, 2018 at 3:34 AM, Jerry Leichter <span dir="ltr"><<a href="mailto:leichter@lrw.com" target="_blank">leichter@lrw.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> Wouldn't this be a good time to think about putting x86 & x86-64 out of everyone's misery?<br></span></blockquote><div><br></div><div>It is not x86 but the design decisions to make their part execute code quickly. <br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
> Have there been any *clean sheet* architecture designs since the Snowden revelations?<br>
</span>Let's follow this thought through all the way.<br>
<br>
For the last 75 years, a driving force in the computer design business has been: Computer hardware is expensive,</blockquote><div><br></div><div>It is expensive and it also depends on a lot of external designs. Disk controllers have system interfaces, WiFi, display and</div><div>graphics subsystems. It is more than Intel, ARM or AMD.<br><br></div><div>Cross licensing of patents push and pull common ideas in unexpected ways. <br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> we can't afford to dedicate a machine entirely to one person/program;<br></blockquote><div>.... hmmm.... <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Perhaps the solution is to avoid the root cause. Imagine a system with a "physical hypervisor".</blockquote><div><br></div><div>This physical *visor point opens a crypto door.<br></div><div> <br></div><div>As for digging a hole and stopping... ,trying to dig the bottom of a hole first is worth thinking about. <br></div><div>Are we trying to dig the bottom first? It is not something that can be done.. but miners raise tunnels <br></div><div>from the bottom because they are at the bottom already.<br></div><div><br>The crypto door may open on smaller projects to get under and go to work building a better system.<br><br></div><div>Encryption and key management might be off loaded to a card little different than a graphics or WiFi subsystem.<br></div><div>Keys and other 'secrets' would go in (never out) and not reside in system/kernel memory for lengthy periods.<br></div><div>Data would go in and encrypted results seen at an output port that could be mapped and isolated.<br><br></div><div>The processor and device could be dumb enough to not need difficult to design complexity.<br></div><div>The code could be limited and 'safer' by design using methods like seL4 and not be permitted to</div><div>run user code. The cost target should allow replacement with revision two, three, ... N.<br><br></div><div>An external device could be designed and deployed on old hardware and might arrive quicker than</div><div>new silicon from the big guys. It could be a partial solution of value and might mitigate other attacks.<br></div><div><br></div><div>Right now password safes are a potential risk... cloud users that use them on the cloud might reconsider<br></div><div>and use an air gap machine for secrets.<br><br></div><div>i.e. What can be done from the bottom of the mountain? <br> example: external VPN, firewall devices and old phones in airplane mode for air-gaped password management.. <span class="HOEnZb"><font color="#888888"> <br></font></span></div><div> </div></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>