Re: Crypto Facility performance.

Tue, 23 Apr 2013 13:24:00 -0700 

W dniu 2013-04-23 18:07, Tony Harminc pisze:

On 23 April 2013 09:42, Phil Smith <[email protected]> wrote:


Thanks for this, Todd. VERY interesting. The fact that System z adds this 
restriction seems odd. I'm sure you would have commented on it if you were able 
to; I can only speculate from here that it's either (a) a conservative 
approach, to keep mixed use from causing unsatisfactory performance for one 
camp or the other (e.g., a ton of SSL handshakes causes PIN operations to be 
slow, or vice versa) or (b) a desire to sell more cards! Any other ideas, folks?


One might speculate that it could be harder to prove the
correctness/integrity of the whole system when the card is used in
mixed mode.

Which of course raises the questions of how well the card interfaces
are documented


There are NOT documented, which is clearly documented.

, and whether the cards are available for other

platforms.
Yes, obviously. There have been since first model (PCICC). Actually all mainframe cards are PCI, PCIX or PCIe cards inserted in IBM card case. The same models were available for other platforms including iSeries, pSeries and xSeries (PCs). It's called 46xx.
Of course it's nothing specific - OSA cards are also PCI cards (from Intel) with some additional logic and additional case, not to mention additional price ;-) 


Can anyone buy one, or only System z customers?
Yes, as I wrote above. IMHO you can buy such card even to your desktop PC, despite of its brand name. 



Some years
ago researchers at Ross Anderson's security lab at Cambridge mounted a
successful attack on earlier IBM crypto APIs, and I seem to remember
there was a time when they were offering a bounty of some sort for a
new card.


Can you provide any details? Maybe some link?



--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. 
BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax 
+48 (22) 829 00 33, www.brebank.pl, e-mail: [email protected]
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2013 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.555.904 zotych. 


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to