[Cryptech Tech] goals / use cases

Joachim Strömbergson joachim at secworks.se
Fri Jan 30 08:59:09 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Peter Gutmann wrote:
> Warren Kumari <warren at kumari.net> writes:
> 
>> Have we documented the actual threat model anywhere?
> 
> No, and this segways with my earlier grumbling about lack of (or at
> least very vague) technical requirements.

I guess Basil is smiling right now. Security target, threat model are
areas we have not been very good at working at, that is true. Basil has
been nagging about this quite a while. Jakob has been doing a lot of
thinking about this though I think. But I agree that we need to do much
more here.

The requirement spec work I and Jakob is working on is supposed to lead
up to both some sort of security target as well as technical
requirements for the alpha boards. Requirements derived from the primary
use cases including functionality (Interface types, RSA-4096, SHA-256
for example), capacity (1000 keys, XYZ MByte storage for SW) and
performance (100 sign operations/s, MNO Mbps communication with host).
The Tor discussions yesterday was at least a start at breaking down one
use case.

But at the same time we are saying that we want to move forward and
learn by doing. Create some sort of wired together prototype that we can
work on, test etc to see what performance we actually get from the CPU
(for example.).

So how do we improve the process?
- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUy0fdAAoJEF3cfFQkIuyNTzkQAJRSks6oJOnRpCK7uUZsvzDP
WaIUVc9lRLzeYuEatEft6D9W6Oylw+fDBLi08NoLqM6VHskT3MKLpT0WftPp06o7
fISUmZlnXA3t5DDP209LKN4yocGkzV77s43ISHT43yOundrwzk4hNjH3puEJ0C/7
jePphN10kyyFHJ2Z3tZ95sgAs9NTHoq7oAUm0GpGBrq3ppfZbkI7KE0G+uuHsSI0
HqYE0RqVJ6/qrLlw18xNjgEG0ARwGZ+wIVL4YKaJfxf/HI9hF5tHNQy7D+D4lS7K
zQj+WpwEeTV5eMpK1HNUV55cJViNhHoFveg4pwJaBz1mNECZJh2bEJVj2MqxRzY4
cHQotpeef1CfjNIZFNltANx4d2QCz5shvGzNu2SoJO2ZVd7GpsxsbkTSVx3g41aX
FmeXCNFvOCNUwbiNirE5IvsnRn2LdhIcjOdU/6UINUpLdHjMpNaZSVmn+woFtpuh
FpZkhfgFUU8KdzyXuU2OuWoDTj9RHW7iFE9xGqda27pQ5nLWOGtv5eZOaYgx1cgH
W4XYzaBpfrsA9wYb+3ftBV7I3DkXM3Fd//4UsWwx25REj7+SuPEsjRNpRXy59x9V
big4vnhsNE6xSGjNQceDi4CN1bHI4nhnPe6Sk/gRJFlSdVEKoBVaFczkmL7mF4dq
wDMEXeoEsr5kArZyMGjh
=dIF+
-----END PGP SIGNATURE-----


More information about the Tech mailing list