[107659] in Cypherpunks
Notes from RSA99 Exhibit 1/19 - 1/20
daemon@ATHENA.MIT.EDU (bill.stewart@pobox.com)
Wed Jan 20 14:56:33 1999
From: bill.stewart@pobox.com
Date: Wed, 20 Jan 1999 11:10:20 -0800
To: cypherpunks@cyberpass.net
X-UPAS-Original-From: Bill Stewart <bill.stewart@pobox.com>
Reply-To: bill.stewart@pobox.com
The RSA Show has exhibits open to the public for the first time,
at the usual "$50 but you can get free passes" rate.
Wednesday's exhibits run til 3:00, and the IBM party is tonight.
Big events:
- DES Crack in 22 hours - Distributed.net + EFF Deep Crack
- France announces legalizing 128-bit crypto
Some things I saw at the show:
- VPNs - a couple dozen vendors, with variants on IPsec,
client-to-firewall and net-to-net tunnels.
A few people were offering SSL-based tunnels.
The big differentiators were usually
"convenient administration" or "high performance".
- CAs - a couple dozen certificate authorities, mostly X.509 hierarchical.
Valicert occupies the Certificate Revocation List niche,
providing both a global blacklist service and tools for
CAs to build their own CRLs
- Smartcards - a couple were interesting
- Schlumberger Java Smartcard with 16KB RAM.
- Certicom smartcard with Elliptic Curve public key
- CrypTEC has a small modular OS with cryptographic authentication
for OS upgrades. They've also got a card with 1MB
of Drexler lasercard write-once memory.
- iButton (somehow I missed their booth)
- Application-level systems - secure email (S/MIME or proprietary),
plus things like a chat server.
- EFF booth - Deep Crack is there, plus Tshirts, books, etc.
- Toolkits - lots of vendors of software, some chips
- Firewalls, security scanners, etc. -
Adam Shostack has a SATAN-like system HackerShield, with cool TShirt.
- Accelerator boards - Rainbow, RedCreek, IBM, some others.
- Consultants - lots of them
- Snake Oil - The NSA and NIST are there, with Demo CDs.
I only saw one other well-known snake-oil vendor [name deleted].
One cute if marginal authentication product replaces
passwords/pins with a bunch of faces that you pick from;
4 sets of nine faces isn't real high security, though it's
harder to steal the face data than a PIN, but you
may be able to build some security around their toolkit
Plus Mimesweeper.com's censorware product claims to prevent
your employees from sending legally questionable email,
with content scanning and destination checking;
followons will do crypto signatures, presumably correctly.
Trinkets:
- The IBM coffee mug supply appears to have run out
- Tshirts, some good, some boring
- a few puzzle-like things
- Rubik's Cube from the Faces people
- The baseball hat from Cybersafe was ok, and nice given the heavy rain.
- Espresso at Baltimore and XCert
- various drawings for palm pilots, etc.
Demo CDs - Some software, some video presentations
- NSA propaganda video
- NIST's NIAP commercial product evaluations
- Cylink Syncrypt - strong product but 40-bit demo
- Everlink - SSL-based conferencing and SOCKS things
- Valicert revocation list suite and other stuff
- Mimesweeper censorware - video + data
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
