[Cryptech Tech] arm
Rob Austein
sra at hactrn.net
Mon Jan 12 20:00:13 UTC 2015
At Mon, 12 Jan 2015 07:50:50 +0100, Randy Bush wrote:
>
> we're gonna have to interface to the board somehow. do we risk an
> ethernet ip stack or a usb where the supported conversation is the
> syntax and semantics of a cryptlib interface to pkcs#11?
Nits:
- We're currently talking about two parallel conversations across the
green/yellow secure perimeter:
1) Cryptlib's own RPC protocol (the PKCS #11 shim is up in yellow);
2) Jakob's management interface, which is basically a command line.
- Ethernet does not necessarily imply a full IP stack: one can do all
sorts of strange things if one knows that it's only intended to be
plugged into another host running custom software via a crossover
cable. Whether doing something weird is worth it is another matter
entirely, but in this case it might give us useful options.
I halfway seriously proposed RS-232 for (2), but apparently the cool
kids won't accept that anymore. Given that this is an internal
hardware interface between green and yellow layers I'm not sure I buy
the argument; we can always convert to USB outside the secure
perimeter (one can still buy USB-to-RS232 converters off the shelf at
the local office supply chain store, or online for under 10 USD).
More serious question, though: what's the least bad hardware interface
we can use across the security perimeter? E.g., would doing our own
UDP-like encapsulation over raw Ethernet frames be better than USB?
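To make the "UDP-like encapsulation over raw Ethernet frames" idea concrete, here is an added example that is not code from this list or from the Cryptech project. It sketches the smallest parser one would need on the green side if the only thing plugged into the port is the yellow host over a crossover cable: a custom EtherType, a six-byte header (length, sequence number, one's-complement checksum in the UDP style), and a receiver that rejects any frame that is not exactly what it expects before touching a byte of payload. The frame layout, the EtherType value (0x88B5 is one of the IEEE 802 local-experimental values), the MAC addresses and the payload bytes are all assumptions constructed for illustration.

```c
/* Added example, not Cryptech code: a minimal "UDP-like" encapsulation over
 * raw Ethernet frames. Every constant and the frame layout are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HSM_ETHERTYPE   0x88B5u  /* IEEE 802 local experimental; an assumption */
#define ETH_HDR_LEN     14u      /* dst(6) + src(6) + EtherType(2) */
#define HSM_HDR_LEN     6u       /* len(2) + seq(2) + csum(2) */
#define HSM_MAX_PAYLOAD 1480u

enum hsm_err {
    HSM_OK = 0,
    HSM_ERR_SHORT,  /* frame shorter than the fixed headers */
    HSM_ERR_TYPE,   /* not our EtherType: ignore silently */
    HSM_ERR_PEER,   /* not from the one peer we are wired to */
    HSM_ERR_LEN,    /* declared payload does not fit in the frame */
    HSM_ERR_CSUM    /* checksum mismatch */
};

struct hsm_msg {
    uint16_t seq;
    uint16_t len;
    const uint8_t *payload;  /* points into the caller's frame buffer */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* One's-complement sum over len, seq and the payload, the same style UDP uses. */
static uint16_t hsm_checksum(const uint8_t *hdr, const uint8_t *payload, uint16_t len)
{
    uint32_t sum = rd16(hdr) + rd16(hdr + 2);
    for (uint16_t i = 0; i + 1 < len; i += 2) sum += rd16(payload + i);
    if (len & 1) sum += (uint32_t)payload[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate one received frame. The point of a custom encapsulation is that
 * this function is the whole "stack" and is small enough to audit. */
enum hsm_err hsm_parse(const uint8_t *frame, size_t frame_len,
                       const uint8_t peer_mac[6], struct hsm_msg *out)
{
    if (frame_len < ETH_HDR_LEN + HSM_HDR_LEN) return HSM_ERR_SHORT;
    if (rd16(frame + 12) != HSM_ETHERTYPE)     return HSM_ERR_TYPE;
    if (memcmp(frame + 6, peer_mac, 6) != 0)   return HSM_ERR_PEER;

    const uint8_t *hdr = frame + ETH_HDR_LEN;
    uint16_t len = rd16(hdr);
    /* "<=" rather than "==": the NIC pads short frames to 60 bytes, so the
     * frame may legitimately be longer than the declared payload. */
    if (len > HSM_MAX_PAYLOAD || (size_t)len > frame_len - ETH_HDR_LEN - HSM_HDR_LEN)
        return HSM_ERR_LEN;

    const uint8_t *payload = hdr + HSM_HDR_LEN;
    if (hsm_checksum(hdr, payload, len) != rd16(hdr + 4)) return HSM_ERR_CSUM;

    out->seq = rd16(hdr + 2);
    out->len = len;
    out->payload = payload;
    return HSM_OK;
}

/* Build a frame into buf; returns the frame length, or 0 if it does not fit. */
size_t hsm_build(uint8_t *buf, size_t buf_len, const uint8_t dst[6], const uint8_t src[6],
                 uint16_t seq, const uint8_t *payload, uint16_t len)
{
    size_t total = ETH_HDR_LEN + HSM_HDR_LEN + len;
    if (len > HSM_MAX_PAYLOAD || total > buf_len) return 0;
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    wr16(buf + 12, HSM_ETHERTYPE);
    uint8_t *hdr = buf + ETH_HDR_LEN;
    wr16(hdr, len);
    wr16(hdr + 2, seq);
    memcpy(hdr + HSM_HDR_LEN, payload, len);
    wr16(hdr + 4, hsm_checksum(hdr, hdr + HSM_HDR_LEN, len));
    return total;
}

/* Round trip one constructed frame, then feed the parser four malformed
 * variants. Returns the number of checks that passed (6 when all behave). */
int hsm_selftest(void)
{
    static const uint8_t yellow[6] = {0x02, 0, 0, 0, 0, 0x01};  /* constructed MACs */
    static const uint8_t green[6]  = {0x02, 0, 0, 0, 0, 0x02};
    const uint8_t req[] = "C_GetInfo";  /* constructed placeholder payload */
    uint8_t buf[64] = {0};
    struct hsm_msg m;
    int ok = 0;

    size_t n = hsm_build(buf, sizeof buf, green, yellow, 7, req, sizeof req);
    ok += (n == ETH_HDR_LEN + HSM_HDR_LEN + sizeof req);
    ok += (hsm_parse(buf, 60, yellow, &m) == HSM_OK && m.seq == 7 && m.len == sizeof req);
    ok += (hsm_parse(buf, n, green, &m) == HSM_ERR_PEER);          /* wrong source MAC */
    ok += (hsm_parse(buf, ETH_HDR_LEN + 2, yellow, &m) == HSM_ERR_SHORT);
    buf[ETH_HDR_LEN + HSM_HDR_LEN] ^= 0x01;                         /* corrupt payload */
    ok += (hsm_parse(buf, n, yellow, &m) == HSM_ERR_CSUM);
    buf[12] = 0x08; buf[13] = 0x00;                                 /* IPv4 EtherType */
    ok += (hsm_parse(buf, n, yellow, &m) == HSM_ERR_TYPE);
    return ok;
}

int main(void)
{
    printf("hsm_selftest: %d/6 checks passed\n", hsm_selftest());
    return 0;
}
```

What this buys over a real IP stack is visible in `hsm_parse`: there is no ARP, no fragmentation, no option parsing and no routing, just a fixed-size header, one accepted EtherType and one accepted peer address, so the code that sits on the green side of the perimeter is a few dozen auditable lines. What it does not buy is integrity against a malicious yellow host; the checksum catches wiring faults, not forgery, so the cryptlib RPC layer above it still has to carry its own authentication if that is part of the threat model.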