[Cryptography] [FORGED] Re: Escrowing keys

Phillip Hallam-Baker phill at hallambaker.com
Tue May 2 14:50:25 EDT 2017

On Sun, Apr 30, 2017 at 9:56 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>

> Phillip Hallam-Baker <phill at hallambaker.com> writes:
> >My two daily driver cars are a couple of Jaguar convertibles built in 1999.
> >They are surprisingly reliable
> That's not necessarily a ringing endorsement, "for Jaguars (something where
> Lucas Electric was involved), they are surprisingly reliable".  That's like
> "this Windows server has an uptime of nearly two weeks" or "I actually got a
> second day of battery life for my phone the other day".

The electrics are all made in Germany.

> getting back to the OP, there's hardware out there that not only can be
> trusted beyond ten years, it'd be regarded as defective if it didn't last ten
> years.  Or twenty.  Or thirty.

My MGB does have Lucas electrics; being essentially relay based, the
reliability is poor but the repairability is high.

The reason I don't want to trust my keys to a black box is that I have no
way to repair it. However low the probability of a fault is, there is no
way to recover from it.

> Or, in the case of relay ladder logic controllers, eighty or a hundred.
> This sort of life cycle is more or less impossible for crypto people to
> understand [1].  Conversely, SCADA/industrial control people understand the
> life cycle but not crypto.  This is why we have so much SCADA gear that's an
> OWASP top-ten antipattern

I used to be a control engineer.

It isn't really the case that control systems were expected to last a
hundred years. Most would be ripped out and replaced on a regular basis.
But they are designed in a very different way to most network software.
They don't use encryption because they want every signal to be observable.
But they are very interested in adding authentication.

In their world it isn't

Confidentiality Integrity Availability

It is:

Confidentiality << Integrity < Availability