[Cryptography] [FORGED] Re: Escrowing keys

james hughes hughejp at me.com
Thu May 4 16:18:43 EDT 2017

> On May 4, 2017, at 12:00 AM, Benjamin Kreuter <brk7bx at virginia.edu> wrote:
> On Tue, 2017-05-02 at 19:10 -0400, Viktor Dukhovni wrote:
>>> On May 2, 2017, at 2:50 PM, Phillip Hallam-Baker <phill at hallambaker
>>> .com> wrote:
>>> It isn't really the case that control systems were expected to last
>>> a hundred years.
>>> Most would be ripped out and replaced on a regular basis.
>> https://www.nytimes.com/2017/05/01/nyregion/new-york-subway-signals.h
>> tml
>>    On a recent evening, Mr. Habersham walked along the train tracks
>> near 34th Street
>>    in Manhattan as workers replaced antiquated switches and cables. A
>> signal system
>>    should last about 50 years, he said, but the one that guides
>> trains through this
>>    slice of Manhattan has been in place for about 80.
> That is not quite right; while the design of that equipment is decades
> old, most of the parts have to be replaced periodically.  Those
> machines are electromechanical and they have all the failures one would
> expect of gears, levers, and vacuum tube relays.

And there is an overlay of Siemens PLCs (same ones that Stuxnet attacked) which is probably not upgraded as often as people on this list expect.

That said, what about any mechanical system that is designed for 50 years with computer control? At this time, the IoT market assumes low cost throw away things. This is not universal.  Stuff deployed on a light pole is IoT but will not be low cost or throw away. 

IoT without the ability to upgrade the software is a toy and if it is not a toy there should be repercussions for the vendor.

Case in point that I have (indirect) experience with. The original 747 inertial guidance computer was a GM Delco Magic computer, which in 1960 was transistors and core memory and monitored a gyro stabilized mechanical platform. That computer was operational for ~40 years before it was replaced by a more “current” inertial guidance computer using solid state sensors. The reason it was replaces was not the obsolescence of the computer, but the sensitivity of the gyro stabilized platform. During that time, the boards were replaced with newer technology while maintaining the same board level functionality. 

Another important point is that there has never been a commercial crypto system that has lasted more than ~40 years (Vernon cipher aside).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170504/b7867a19/attachment.html>

More information about the cryptography mailing list