Shai,

I did not repeat in the email everything that I wrote in the discussion
document, only the conclusion. If you have access control, you don't
need tweaking any more (as Serge put it: to provide some protection
against copy-and-paste attacks), therefore, half of the hardware (or
the running time in software) can be saved. The extra circuits consume
considerable power, which drains the battery of portable devices,
necessitate better cooling and add design-, test-, certification- and
manufacturing costs. Even if the saving is only 10 cents per unit, in a
market of 100 million drives it is a significant amount, which would be
wasted if access control is added to LRW.

But there are other points, too: the handling of odd-size sectors
adds extra delay to the critical path, which forces us to use faster
clocks, which consume more power, etc. We also need the flexibility to
leave some bits in the clear, which is trivial with counter mode but
complicated to add to the current draft.

When I said the current proposal is useless for non-removable storage, I
did not mean it was not secure enough, but that it was unnecessarily
expensive. In a highly competitive market we cannot afford to implement
it. We MUST provide access control, so LRW is out of the question. This
means the overwhelming majority of secure storage applications will
not use P1619, if it stays as it is now.

Adding counter mode and a paragraph about access control, which could be
left unspecified, is not very hard. I am surprised to encounter such
resistance. But I am even more surprised that nobody was even willing
to discuss alternatives, or possible implementation or security
problems I might have overlooked.

Laszlo

> -------- Original Message --------
> Subject: Re: P1619 - non-removable
> From: Shai Halevi <[EMAIL PROTECTED]>
> Date: Fri, March 24, 2006 9:56 pm
> To: SISWG <[EMAIL PROTECTED]>
> 
> Unfortunately I could not attend the last meeting, but my understanding
> of the decision there was that no more changes to the draft will be made
> before it is sent to IEEE. Was I wrong? (As far as I understand, the
> IEEE process does allow more changes to the document before the vote
> but these changes are not really something that comes from the working
> group.)
> 
> > [...] I can only
> > repeat, what I have said several times: the current proposal is useless
> > for the overwhelming majority of secure storage applications. I thought
> > it was a damn good reason for changing the draft.
> 
> I strongly disagree (and frankly I don't really believe that even Laszlo
> thinks that).  It is very clear to me that satisfactory access-control
> can be added to systems that use LRW in "overwhelming majority" of
> storage applications.
> 
> -- Shai
