[Cryptography] [FORGED] Re: Escrowing keys
Phillip Hallam-Baker
phill at hallambaker.com
Tue May 2 14:50:25 EDT 2017
On Sun, Apr 30, 2017 at 9:56 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:
> Phillip Hallam-Baker <phill at hallambaker.com> writes:
>
> >My two daily driver cars are a couple of Jaguar convertibles built in
> 1999.
> >They are surprisingly reliable
>
> >My two daily driver cars are a couple of Jaguar convertibles built in
> 1999.
> >They are surprisingly reliable
>
> That's not necessarily a ringing endorsement, "for Jaguars (something where
> Lucas Electric was involved), they are surprisingly reliable". That's like
> "this Windows server has an uptime of nearly two weeks" or "I actually got
> a
> second day of battery life for my phone the other day".
The electrics are all made in Germany,
So
> getting back to the OP, there's hardware out there that not only can be
> trusted beyond ten years, it'd be regarded as defective if it didn't last
> ten
> years. Or twenty. Or thirty.
>
My MGB does have Lucas electrics, being essentially relay based the
reliability is poor but the repairability is high.
The reason I don't want to trust my keys to a black box is that I have no
way to repair it. However low the probability of a fault is, there is no
way to recover from it.
> Or, in the case of relay ladder logic controllers, eighty or a hundred.
>
> This sort of life cycle is more or less impossible for crypto people to
> understand [1]. Conversely, SCADA/industrial control people understand the
> life cycle but not crypto. This is why we have so much SCADA gear that's
> an
> OWASP top-ten antipattern
>
I used to be a control engineer.
It isn't really the case that control systems were expected to last a
hundred years. Most would be ripped out and replaced on a regular basis.
But they are designed in a very different way to most network software.
They don't use encryption because they want every signal to be observable.
But they are very interested in adding authentication.
In their world it isn't
Confidentiality Integrity Availability
It is:
Confidentiality << Integrity < Availability
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170502/617fdc7c/attachment.html>
More information about the cryptography
mailing list