All,

>>[Shai] this standard will *not* include a comprehensive analysis of threat 
>>models and attacks
It is a shame that such an analysis has not been produced yet
(independent of whether it would be a part of the standard text or
not). Without a threat model, we all speak about different things and
don't know what we want to solve, how good our solution is, etc. I am
sorry that Serge did not explain the goal of the current proposal
earlier. It could have saved a lot of work and emails.

PLEASE DISREGARD ALL OF MY PREVIOUS COMMENTS AND EMAILS!

They were based upon the false assumption that the proposed standard
would be of value for our company. As I learned today, the main
security objective of the proposal is to provide "some protection
against copy and paste operations". It is not a threat for a disk
internal comprehensive security solution, but only for external
(controller) based encryption.

>>[Shai] If...your company will think that the standard is not adequate, you 
>>will have to vote against it.
I am not paid to assess standards that are not relevant to our
products. Furthermore, without clearly stated goals, threat models, and
constraints, I cannot tell if the proposal is adequate or not. I only
have one objection: it should not be called "Security in Storage"
standard, because it only addresses a very narrow segment of the
business; it does not provide protection against important threats. A
more adequate name would be "Storage Security Provided by External
Devices".

Laszlo Hars
Seagate Research

> -------- Original Message --------
> Subject: Re: "the most important applications"
> From: Shai Halevi <[EMAIL PROTECTED]>
> Date: Tue, January 17, 2006 9:58 pm
> To: SISWG <[EMAIL PROTECTED]>
> 
> Laszlo, it is all but certain that this standard will *not* include a
> comprehensive analysis of threat models and attacks.  Such analysis
> is necessarily subjective, and trying to put it in is a sure way of
> killing the standard. I disagree with several of the assertions that
> you made, but I don't think that arguing the specifics is very productive
> because I think that they are outside the scope for the standard that
> we are trying to produce.
> 
> The standard will likely include a rationale section, and that section
> will likely include something about traffic-analysis as a threat, as
> well as cut-and-paste and a few others. You are welcome to contribute
> to that section some text that describes attacks (but keep in mind that
> this section has to be kept quite short). Also, text that implies that
> the standard is limited to specific technologies or cannot be used
> externally to the disk is likely to be rejected.
> 
> If after all that, your company will think that the standard is not
> adequate, you will have to vote against it.
> 
> -- Shai
