[3082] in cryptography@c2.net mail archive
Re: Tristrata?
daemon@ATHENA.MIT.EDU (Bill Neugent)
Sun Jul 26 15:42:50 1998
Date: Sun, 26 Jul 1998 14:51:45 -0400
To: "Marcus J. Ranum" <mjr@clark.net>
From: Bill Neugent <wneugent@mitre.org>
Cc: cryptography@c2.net
In-Reply-To: <Pine.GSO.3.96.980724192905.4756A-100000@shell.clark.net>
Marcus,
"Apparent snake-oil" was my first reaction until I talked with them. Some
of us had a meeting with the TriStrata principals to discuss it. They have
credentials. Dr. John Atalla, the TriStrata founder, was the founder of
Atalla and before that a cofounder of HP Labs. A lead tekkie is Don Adams,
who was the principal security architect at Sun Federal. Bill Atalla,
John's son (although there's no "And Son" on the company name) is in charge
of business development. There's no doubt they talk a slick game,
especially John, who is pitching this straight to major CEOs and does a
terrific job at that.
I joined some smart crypto fellows to talk with these guys in some
technical detail and we decided that they had something new that might be
credible and was worth further hands-on scrutiny. Some of that hands-on
scrutiny is now starting and that's probably about all I can say about it.
So, why don't I say something technical? Because the stuff they told us,
along with their product, is all proprietary. Based on the news release and
trade rag coverage, you can openly read that it's an alternative to PKI,
designed for better performance and scaleability, but that still requires
application-enabling (of course) and is still proprietary. If the stuff
proves out, it's the kind of thing that might make sense within a
homogeneous enterprise.
I'm only sending this so that the TriStrata guys don't get put in the same
pigeon hole as those fellows who brought us the Blitzkrieg server (not that
I have anything against that pigeon hole, which I give very high marks for
entertainment).
Bill
At 07:35 PM 7/24/98 -0400, Marcus J. Ranum wrote:
>Anyone care to comment on an apparent snake-oil encryption
>scheme being plugged by Tristrata? (www.tristrata.com)
>The claims are the usual "one time pad" with automatic
>"key management" (uh-huh) -- it sounds to me like a
>hardware autokey that's seeded by something they are
>calling a "seal" Is this the same kinda crap that
>the Assymmetrix(sic) clowns were pushing 2 years ago
>or have they come up with some new kind of brain damage.
>They're actually marketing this stuff as an OTP and
>have actually gotten a few industry analysts excited
>about it (which is how I heard about it)
>
>Anyone care to guess what this thing is?
>
>mjr.
>----
>home: http://www.clark.net/pub/mjr
>work: http://www.nfr.net
>
>
>
