ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FW: ADSM Traffic encrypted?

2000-02-18 07:30:06
Subject: FW: ADSM Traffic encrypted?
From: "Lambelet,Rene,VEVEY,FC-SIL/INF." <Rene.Lambelet AT NESTLE DOT COM>
Date: Fri, 18 Feb 2000 13:30:06 +0100 
Hello dear *SMers and dear *SM-developpers,

> Obviously 56bit encryption is better than nothing but if Microsoft can get
> permission for a company like ours to have 128bit encryption surely Tivoli
> could do something similar. I do not know the details of *SM but if I were
> the product manager I would have an encryption bolt-on which would allow
> me to adapt to local circumstances. 
> 
> This being said there will be problems as far as multinational sites are
> concerned. For instance, in the past France has been one of the most
> restrictive countries concerning encryption. But this may have changed in
> the mean-time.
> 
> If we are talking purely Switzerland, and for internal onsite environment
> traffic only, I would not worry too much. If I were a hacker in our
> environment there would be easier ways of getting the information than
> attacking the back ups!
> 
> I do not know of any attempts to break the *SM compression & encryption
> and it may be correct to say that it would be difficult. If somebody
> obtained a cartridge with backups and really wanted to obtain the
> information they would put the resources to it (Government agencies -
> industrial espionage etc.) whereas the "casual" attacker would probably
> give up. It is possibe that Tivoli will change their approach in the
> future, as Don Warren states they have to start somewhere!
> 
> Best regards
> 
René Lambelet
Nestec S.A. / Informatique du Centre 
55, av. Nestlé  CH-1800 Vevey (Switzerland) 
*+41(021) 924 3543  7 +41 (021) 924 4589  * B 133
mail to: rene.lambelet AT nestle DOT com 

        This message is intended only for the use of the addressee and 
        may contain information that is privileged and confidential.

                -----Original Message-----
>               From:   Glen Hattrup [SMTP:ghattrup AT US.IBM DOT COM]
>               Sent:   Thursday, February 17, 2000 9:19 PM
>               To:     ADSM-R AT VM.MARIST DOT EDU
>               Subject:        Re: ADSM Traffic encrypted?
> 
>               Wayne,
> 
>               There are many factors that have to be considered in
> deciding the
>               encryption algorithm strength.  While the White House has
> just recently
>               relaxed procedures for encryption products, the procedures
> are still a time
>               consuming process.  And despite the media attention on the
> matter, not that
>               much has changed with export approval procedures.  As TSM is
> an
>               international product, there are other concerns that must be
> weighed in as
>               well.  For example, France has a separate import approval
> process that must
>               be followed in order to sell any encryption type product
> there.  Then there
>               are other countries where we currently sell, but whose
> policies on
>               cryptographic programs may change freely.  I won't detail
> everything that
>               must be done, but please recognize that selling "strong"
> encryption
>               products generates a tremendous amount of initial and
> long-term paperwork.
> 
>               Regarding 56 bit DES encyrption and "why bother".  I think
> you would agree
>               that some encryption is better than no encryption.  If
> nothing else, it
>               steps up the requisite skill level of an attacker to be
> succesful.  While I
>               won't argue that 56 bit DES is as secure as other
> algorithms, it does
>               provide another layer of security for the customer.  What
> about the issue
>               of standards?  The algorithm selected must not have any
> "holes" in its
>               encryption and must be thoroughly tested.  There are also
> performance
>               issues regarding algorithmic execution and stability of
> code.
> 
>               I don't mean this to provoke a debate on the merits of 56
> bit DES vs XYZ
>               algorithm.  Rather, there are many issues that must be
> weighed before we
>               change the encryption algorithm used by the product.
> 
>               Please continue to explain your security needs so that we
> may better
>               understand your requirements.
>
>               Glen Hattrup
>               Tivoli Storage Manager
>               Server Development Team
> 
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Tape Sharing, Eric Tang
Next by Date:  EBU/Solaris errors, Cpx SAMI
Previous by Thread:  Re: ADSM Traffic encrypted?, Richard Sims
Next by Thread:  ADSM Traffic encrypted?, Thomas Hans
Indexes:  [Date] [Thread] [Top] [All Lists]