sipp...@sg.ibm.com (Timothy Sipples) writes: > Together we sketched a picture of all this on a whiteboard so I could > understand what they had done. After we drew the picture, I asked this > simple question: "Is this secure?" After a very little bit of side > discussion, very quickly, they did two things: (1) they changed their > "security" policy, and (2) they went immediately to work to change > everything I just described.
early 80s, I had HSDT project doing T1 (1.5mbits/sec) and faster speed full-duplex links. IBM internal network was larger than arpanet/internet from just about the beginning to sometime mid-80s ... and the same technology was used for the IBM sponsored university BITNET (also larger than arpanet/internet for a time). It wasn't SNA ... until late 80s when the communication group was claiming that the internal network would stop working if not converted to SNA/VTAM ... which occured about the same time that BITNET converted to TCP/IP. Corporate also required that all links leaving IBM physical locations had to be encrypted ... which were external hardware link encryptors (mid-80s, major hardware link encryptor company claimed that IBM had over half of all the link encryptors in the world). On of my problems was I really hated what I had to pay for T1 link encrptors (a few thousand) and it was really hard to find faster link encryptors (less of problem for links supported by standard IBM controllers which were limited to 56kbit links). I eventually got involved in doing hardware link encryptor that would cost less than $100 to build and support at least 3mbyte/sec ... with some other tweaks. Initially the corporate crypto product group said that it significantly weakened the DES standard. It took me 3months to figure out how to explain what was happening (it was significantly stronger than standard DES, & not TDES) ... but it turned out to be a hollow victory. I was told that I could make as many as I wanted ... but there was only organization in the world that could use such crypto; i could make as many as I wanted to, but they all had to be shipped to an address in Maryland. It was when I realized that there was 3kinds of crypto in the world: 1) the kind they don't care about, 2) the kind you can't do and 3) the kind you can only do for them. Other trivia: doing mainframe DES in the early 80s for a full-duplex T1 required both processors of a dedicated 3081K doing nothing else but executing standard DES. There was also work on doing public key for email (PGP-like public key). Last product we did at IBM was RS/6000 HA/CMP (it originally started out as HA/6000, but I quickly changed name to HA/CMP when started working with national labs (technical/scientific) and RDBMS vendors (commercial) on cluster scaleup. Old reference on Jan1992 meeting in Ellison's conference room on 128-way cluster scaleup: http://www.garlic.com/~lynn/95.html#13 within a few weeks of the meeting, cluster scaleup is transferred, announced as supercomputer (for technical/scientific *ONLY*), and we are told that we can't work on anything with more than four processors. A few months later we leave. Later two of the Oracle people in the Ellison meeting have left and are at a small client/server startup responsible for something called "commerce server" and we are brought in as consultants because they want to do payment transactions on the server, the startup had also invented this technology they call "SSL" they want to use, the result is now fequently called "electronic commerce". I have absolute authority over everything from servers to payment networks ... and make several tweaks to the HTTPS implementation to improve integrity and availability ... but can only make recommendations on the browser/server side ... some of which are almost immediately violated ... contributing to problems, some that continue to this day. Second half 90s, I'm giving presentations on "Why Internet Isn't Business Critical Dataprocessing" at various internet meetings. Problems aren't TCP/IP design ... but various glitches in deployments by various organizations. -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
