-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Stephen Sprunk" <stephen@sprunk.org> wrote:
Such secondary procedures are okay in the banking world, where you can back out transactions that an audit reveals are fraudulent after the fact. The same does not apply to letting persons across a border where you can't retroactively deny them entry after they've killed a bunch of people (and, most likely, martyred themselves). It's the same problem with voting systems, actually: the anonymity requirements mean all security hinges on making sure only authorized people vote, and only once at that; you can't back out fraudulent votes after they're cast, which is why all of the attacks are on the authorization system and being undetected in an audit doesn't matter.
It does matter. Unfortunately, find ourselves in a position where easy business decisions allow people to make very bad technical decisions, and put the integrity of their network security directly in the path of "test". "Test" is not a good business decision, because if there is a possibility where things can be compromised, generally they will be. We (collectively) have done a very fine job of delivering functionality first, and security secondly. That puts most of us in the position of the 'Little Dutch Boy', with our finger in the security dike. So, having said all that, it's pretty difficult to figure out where the problems and solutions actually meet. We're actually at a very difficult cross-roads right now. Cheers, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFGymB3q1pz9mNUZTMRAssqAJ4+J5jhtDoFWO81cjSvZ9JXArTMqgCguyzL R3oyka3IzcgVPtiFaYNOUUo= =2oUE -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/