[145491] in cryptography@c2.net mail archive

Re: A slight modification of my comments on PKI.

daemon@ATHENA.MIT.EDU (Arshad Noor)
Wed Jul 28 23:44:18 2010

Date: Wed, 28 Jul 2010 20:36:46 -0700
From: Arshad Noor <arshad.noor@strongauth.com>
To: cryptography@metzdowd.com
In-Reply-To: <20100729023450.BA76F33EB8@absinthe.tinho.net>

dan@geer.org wrote:

> Regulatory compliance, on the other hand, stipulates N==0 failures
> and is thus neither calibratable nor cost effective.  Whether
> the cure is worse than the disease is an exercise for the reader.

I do not believe regulations require that there be zero compromises
to systems, Dan.  On the contrary, I believe the goal of any regulation
is to ensure that there is a minimum level of calibration across the
industry.  In the absence of regulation, calibration would be all over
the map; while experienced companies with adequate resources might be
better calibrated, the less-experienced or less-resourceful companies
would start the dominoes falling and inadvertently bring down even the
well-calibrated companies.  Regulations can help with preventing that
first domino from falling if implemented effectively.

Arshad Noor
StrongAuth, Inc.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
