[Cryptography] Cheap forensic recorder

Phillip Hallam-Baker phill at hallambaker.com
Mon Mar 9 12:40:28 EDT 2015

On Sat, Mar 7, 2015 at 5:37 PM, Emin Gün Sirer <el33th4x0r at gmail.com> wrote:
> 6. Trusted != trustworthy.

And guess who was unpopular at the kick off meeting for the Trusted
Computing Group when he made that point?

MSDOS was trusted, didn't make it trustworthy.

Overall, this discussion would have been better informed if the assumptions
> and requirements were stated up front. As with most real-world security
> discussions, they trickled out piecemeal.

Which is how I use this list. If I knew what the requirements were I would
have the solution.

Most people find it difficult or impossible to really discuss requirements
without some sort of strawman solution. Like my college tutor, Tony Hoare
used to keep pointing out to us, a waterfall model of developing the
perfect requirements statement followed by the perfect specification and
then implementaion almost invariably fails.

A while back I wrote to him pointing out that it actually works pretty well
for the consultants as a way of extracting money from their
victims/clients. I haven't fallen for that one directly but I have been
involved in acquisitions where the first thing you have to do is to tell
the manager to fire the company they paid $10 million for a project that
has delivered nothing but specifications and the next thing you do is have
someone fire the manager.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150309/2ef42390/attachment.html>

More information about the cryptography mailing list