[Cryptography] What do we know? (Was 'We cannot trust' ...)

Brian Gladman brg at gladman.plus.com
Sat Dec 28 13:17:51 EST 2013


On 28/12/2013 08:51, James A. Donald wrote:
> James A. Donald <jamesd at echeque.com> wrote:
>>> Not when you are selling to government agencies.  If they want a
>>> customized product, you produce a fork or a skew for that government
>>> agency and charge them extra.
> 
> On 2013-12-27 02:48, Donald Eastlake wrote:
>> Large customers, government or otherwise, that know what they are
>> doing realize that if a custom extension/addition is incorporated in a
>> product *just for them*, then they will be paying forever for it to be
>> maintained and included with every future upgrade of the product.
> 
> Famously, government does not care.  It is just taxpayer money.

In my experience they do care in the information security business
since, as Donald has said, even if the R&D costs can be sustained, the
ongoing support costs soon kill any prospect of ongoing deployment.

In the 1970s and 80s Honeywell further developed the Multics Operating
System and obtained B2 certification for defence use. The resulting
system was deployed and was considered a success but once the commercial
market had moved on, the ongoing cost of maintenance and support for the
defence variant became prohibitive.

Following on from this, Honeywell was funded by DoD to produce a new
secure computer system (called SCOMP) and this again received
certification.  But it was never deployed (AFAIK) because it was
realised that the costs of ongoing support would fall entirely on DoD.

In the UK we also developed secure versions of commercial OS but they
were never deployed for exactly the same reason.  We considered the use
of a version of Mach (T-Mach) as well as the possible development of a
version of Windows NT for which I remember obtaining a large but
actually very reasonable cost estimate from Microsoft for the additional
work that would be needed to obtain UK defence certification.

But we soon realised that, even though we could afford to fund the
development of either of these, we would simply be repeating the same
cycle again -- we would just find ourselves several years behind the
commercial market with an obsolescent product whose support costs would
be astronomic and which would fall entirely on the defence budget.  So
we ditched the idea before it saw the light of day and switched to the
funding of security enhancements in commercial systems without creating
defence variants.

   Brian Gladman
