What risk is being defended against here?

Perry E. Metzger perry at piermont.com
Sun Jan 11 13:26:40 EST 2009

Jerry Leichter <leichter at lrw.com> writes:
> When we arrived, we learned that she would not be allowed into the
> test room without *one* of the following:
> 	- A photo ID
> 	- A copy of the verification letter sent to her
> The verification letter is actually available - even now, after the
> test is complete - on a web site.
> So ... just what risk is being defended against here?

The risk being defended against is a reprimand against some bureaucrat
for not "doing enough" to maintain test integrity. By demonstrating
that they have "tight procedures" etc., they can deflect blame if any
sort of cheating scandal occurs.

In general, most such rules are designed for JobSec, not for
ActualSec. In that light, a wide variety of stupid bureaucratic
behavior becomes not merely explicable but obvious.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list