[3092] in cryptography@c2.net mail archive
Re: Tristrata?
daemon@ATHENA.MIT.EDU (Adam Shostack)
Mon Jul 27 11:21:35 1998
From: Adam Shostack <adam@homeport.org>
In-Reply-To: <3.0.3.32.19980726145145.00702f94@smiley.mitre.org> from Bill Neugent at "Jul 26, 98 02:51:45 pm"
To: wneugent@mitre.org (Bill Neugent)
Date: Mon, 27 Jul 1998 08:49:26 -0400 (EDT)
Cc: mjr@clark.net, cryptography@c2.net
I'll suggest that however clever they are, if they're talking
about deploying an unpublished algorithm, they're allowing their
business sense overwhelm their understanding of the process of how
crypto research should proceed. I believe the greeks called this sort
of thing hubris.
Adam
Bill Neugent wrote:
| Marcus,
| "Apparent snake-oil" was my first reaction until I talked with them. Some
| of us had a meeting with the TriStrata principals to discuss it. They have
| credentials. Dr. John Atalla, the TriStrata founder, was the founder of
| Atalla and before that a cofounder of HP Labs. A lead tekkie is Don Adams,
| who was the principal security architect at Sun Federal. Bill Atalla,
| John's son (although there's no "And Son" on the company name) is in charge
| of business development. There's no doubt they talk a slick game,
| especially John, who is pitching this straight to major CEOs and does a
| terrific job at that.
|
| I joined some smart crypto fellows to talk with these guys in some
| technical detail and we decided that they had something new that might be
| credible and was worth further hands-on scrutiny. Some of that hands-on
| scrutiny is now starting and that's probably about all I can say about it.
| So, why don't I say something technical? Because the stuff they told us,
| along with their product, is all proprietary. Based on the news release and
| trade rag coverage, you can openly read that it's an alternative to PKI,
| designed for better performance and scaleability, but that still requires
| application-enabling (of course) and is still proprietary. If the stuff
| proves out, it's the kind of thing that might make sense within a
| homogeneous enterprise.
|
| I'm only sending this so that the TriStrata guys don't get put in the same
| pigeon hole as those fellows who brought us the Blitzkrieg server (not that
| I have anything against that pigeon hole, which I give very high marks for
| entertainment).
|
| Bill
|
| At 07:35 PM 7/24/98 -0400, Marcus J. Ranum wrote:
| >Anyone care to comment on an apparent snake-oil encryption
| >scheme being plugged by Tristrata? (www.tristrata.com)
| >The claims are the usual "one time pad" with automatic
| >"key management" (uh-huh) -- it sounds to me like a
| >hardware autokey that's seeded by something they are
| >calling a "seal" Is this the same kinda crap that
| >the Assymmetrix(sic) clowns were pushing 2 years ago
| >or have they come up with some new kind of brain damage.
| >They're actually marketing this stuff as an OTP and
| >have actually gotten a few industry analysts excited
| >about it (which is how I heard about it)
| >
| >Anyone care to guess what this thing is?
| >
| >mjr.
| >----
| >home: http://www.clark.net/pub/mjr
| >work: http://www.nfr.net
| >
| >
| >
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
