Wednesday, August 17, 2022


I haven't blogged in 3 months, so I thought I would create a short post this evening.

One thing that I've noticed in my behavior lately is that I often say "I understand" versus "I agree." Latter implies I have a vote on the topic. I also find myself demonstrating the behavior that "as you age in industry you become more 'historian' than 'expert'". But the plurality of ambitious folks who believe they are 'expert' often fight when you lean too much into history mode. Their behavior reminds me of the quote 'the person may be wrong but is never in doubt.' 

As I get older I am tacking the opposite direction of confidence in all matter.  I find I doubt things more as I apprehend the huge swaths of knowledge I haven't penetrated on this life journey. I don't like Bukowski's "The problem with the world is that the intelligent people are full of doubts, while the stupid ones are full of confidence." quote in this area, though. It implies the issue involved is one of intelligence. I rather prefer to chalk it up to intellectual humility. 

Hopefully I demonstrate some of that behavior in my interactions. If I were up to the challenge of watching myself on video, I'd audit my revisit to Chips & Salsa I recall blogging about that venue a while back, too.

Regarding a topic area that reminds me of the of breadth of knowledge and progress, I'd like to recall the post quantum cryptography (PQC) talk Readiness for PQC includes recent UEFI specification code-first readiness and A 2022 augmentation of a feature first conceived 15 years ago

I was enthralled with the various RT's.  Roots of Trust for Storage & Reporting (RTS/RTR) in the TPM, Root of trust for measurement (RTM) and Root of trust for enforcement/verification (RTE/V) for the platform firmware. This predated the RTU and RTD from years later.

Beyond UEFI there are other industry standards that require PQC accommodations. These include protocols like SPDM The cryptography eprint posted today describes some of this work. This is definitely an 'application' of cryptography versus cryptographic research. The latter is especially challenging, as demonstrated by recent findings like I am a fan of this type of analysis. I did feel a little bit like we were guilty of Pike's 2000 diatribe "Mostly, though, it's just a lot of measurement"

This news story reminded me of former co-worker Ernie Brickell's knapsack paper Ironically Merkle is related to a present co-worker and I was able to grab an autograph for my book on Merkle's original knapsack work

Ernie was a rare combination of PhD and leader. I still recall Ernie trying to recruit me to join his team a decade ago. Ernie did fascinating work on zero-knowledge proofs, including co-inventing Direct Anonymous Attestation (DAA) that was eventually included in the TPM 2.0 specification. Definitely a different eprint than item mentioned at top of this blog Ernie also introduced me to David Chaum of zero-knowledge proof fame, too, at an Intel event. 

One cautionary tale I learned from Ernie was avoiding going all in on a given position. The combination of drive, technical depth, and passion for a topic can create a lot of p=mv momentum when slamming into the walls that one often finds in bigCo.  

Speaking of years ago, I am happy to see progress toward the vision of 

from page 143 of This is yet another reminder that the march of technology takes a long time. 

No comments: