[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RFC 2527 Physical Security Controls Question

To: "John C. Kennedy" <jkennedy@xxxxxxxxxxxxxx>
Subject: RE: RFC 2527 Physical Security Controls Question
From: Stephen Kent <kent@xxxxxxx>
Date: Tue, 14 Dec 1999 16:10:02 -0500
Cc: <ietf-pkix@xxxxxxx>, <pki-twg@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <>
References: <>

John,

I don't mean to sound like a sales person, but the observations you made were part of what motivated the design of the SafeKeyper in the early 90s, as a CA crypto module. To the extent that one can address physical security concerns with compact, technical security solutions, a lot of money can be saved, and a lot of attacks can be thwarted. FIPS 140-1 does not address all of the concerns that are now part of the open literature, even at levels 3 and 4. I expect 140-2 will up the ante on evaluation to better address some of these attacks. Fortunately, we designed our module to be resistant to such attacks because of our experience in the military crypto arena, and our understanding of what one might do with sufficient resources and expertise ...

Steve

References:
- RE: RFC 2527 Physical Security Controls Question
  - From: John C. Kennedy

Prev by Date: RE: RFC 2527 Physical Security Controls Question
Next by Date: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs
Previous by thread: RE: RFC 2527 Physical Security Controls Question
Next by thread: RE: RFC 2527 Physical Security Controls Question
Index(es):
- Date
- Thread