Interesting bit of a quote
John Kelsey
kelsey.j at ix.netcom.com
Thu Jul 13 10:57:20 EDT 2006
>From: Anne & Lynn Wheeler <lynn at garlic.com>
>Sent: Jul 11, 2006 6:45 PM
>Subject: Re: Interesting bit of a quote
...
>my slightly different perspective is that audits in the past have
>somewhat been looking for inconsistencies from independent sources. this
>worked in the days of paper books from multiple different corporate
>sources. my claim with the current reliance on IT technology ... that
>the audited information can be all generated from a single IT source ...
>invalidating any assumptions about audits being able to look for
>inconsistencies from independent sources. A reasonably intelligent
>hacker could make sure that all the information was consistent.
It's interesting to me that this same kind of issue comes up in voting
security, where computerized counting of hand-marked paper ballots (or
punched cards) has been and is being replaced with much more
user-friendly DREs, where paper poll books are being replaced with
electronic ones, etc. It's easy to have all your procedures built
around the idea that records X and Y come from independent sources,
and then have technology undermine that assumption. The obvious
example of this is rules for recounts and paper record retention which
are applied to DREs; the procedures make lots of sense for paper
ballots, but no sense at all for DREs. I wonder how many other areas
of computer and more general security have this same kind of issue.
--John Kelsey, NIST
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com