[14554] in cryptography@c2.net mail archive
Re: nCipher netHSM
daemon@ATHENA.MIT.EDU (Nicko van Someren)
Tue Oct 7 09:53:50 2003
X-Original-To: cryptography@metzdowd.com
Date: Tue, 7 Oct 2003 14:51:58 +0100
Cc: cryptography@metzdowd.com
To: "R. A. Hettinga" <rah@shipwright.com>
From: Nicko van Someren <nicko@ncipher.com>
In-Reply-To: <p0600200bbba760d31eea@[66.149.49.6]>
Ronald,
I can confirm that there is no new code or hardware inside the
"cryptographic boundary" as validated by FIPS compared to the most
recent release of our PCI cards; all necessary changes to the HSM were
put in before the last re-validation of the cards. The UI components
themselves are outside the cryptographic boundary. That said,
communication with the HSM through the screen and input devices on the
front panel does NOT pass through the computer inside the case but
instead goes through a micro-controller and into the serial port on the
PCI card HSM. This is analogous to the way things have always been
with our smart card readers plugged into the HSM which themselves were
not FIPS certified.
I hope this makes things a little clearer.
Cheers,
Nicko van Someren
CTO, nCipher
On Monday, Oct 6, 2003, at 19:11 Europe/London, R. A. Hettinga wrote:
>
> --- begin forwarded text
>
>
> Status: U
> To: "R. A. Hettinga" <rah@shipwright.com>
> Subject: Re: nCipher netHSM
> From: Ronald Perez <ronpz@us.ibm.com>
> Date: Mon, 6 Oct 2003 13:32:48 -0400
>
>
> This looks like new packaging of an old/previously-announced product.
>
> The NIST FIPS 140 site
> (http://csrc.nist.gov/cryptval/140-1/1401val2003.htm) does not list
> this device as having undergone any FIPS validation. And from the
> pictures and specs, it looks like what they did was to put one of
> their FIPS validated PCI cards into a 1U rack-mount format box --
> along with one or two 10/100 Ethernet connections, an LCD display,
> keyboard input, and some other buttons and knobs (all of which have
> not gone through a FIPS validation no doubt).
>
> -Ron
>
> --- end forwarded text
>
>
> --
> -----------------
> R. A. Hettinga <mailto: rah@ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com