A slight modification of my comments on PKI.

Arshad Noor arshad.noor at strongauth.com
Wed Jul 28 23:36:46 EDT 2010


dan at geer.org wrote:

> Regulatory compliance, on the other hand, stipulates N==0 failures
> and is thus neither calibratable nor cost effective.  Whether
> the cure is worse than the disease is an exercise for the reader.

I do not believe regulations require that there be zero compromises
to systems, Dan.  On the contrary, I believe the goal of any regulation
is to ensure that there is a minimum level of calibration across the
industry.  In the absence of regulation, calibration would be all over
the map; while experienced companies with adequate resources might be
better calibrated, the less-experienced or less-resourceful companies
would start the dominoes falling and inadvertently bring down even the
well-calibrated companies.  Regulations can help with preventing that
first domino from falling if implemented effectively.

Arshad Noor
StrongAuth, Inc.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


