[2799] in cryptography@c2.net mail archive
Re: DRUDGE-REPORT-EXCLUSIVE 5/20/98 (fwd)
daemon@ATHENA.MIT.EDU (Bill Stewart)
Mon Jun 8 09:24:05 1998
Date: Sun, 07 Jun 1998 00:14:49 -0700
To: Chris Liljenstolpe <cds@mcmurdo.gov>, cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <19980603063413.C14619@erebus.mcmurdo.gov>
At 06:34 AM 6/3/98 +0000, Chris Liljenstolpe wrote:
>On Mon, Jun 01, 1998 at 01:20:14AM -0700, Bill Stewart wrote:
>> Tamper-resistance is nice, but public-key technology means you don't
>> _care_ if the Other Guys read your ROMs, because there's nothing secret needed.
...
>Ahh - you do want to prevent them from reading your private key from
>the PROM. As a general rule, REAL crypto hardware, even if it is
>public key, is tamper-resistant, tamper-evident, tamper-zeroizing....
The best way to protect secrets is to avoid having them.
You only need a private key if you're going to sign or decrypt things.
The main need for crypto in a satellite is validating commands
sent to it from the ground, to prevent Bad Guys from giving it bad orders.
That means you need the public key of the authorized ground-based users.
As long as you can prevent the ground crew from replacing the public key,
you're safe, and if they _can_ tamper with your equipment,
crypto modules aren't the only things they can replace....
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
