[30859] in cryptography@c2.net mail archive

Re: Interesting bit of a quote

daemon@ATHENA.MIT.EDU (John Kelsey)
Thu Jul 13 18:42:32 2006

X-Original-To: cryptography@metzdowd.com
Date: Thu, 13 Jul 2006 10:57:20 -0400 (GMT-04:00)
From: John Kelsey <kelsey.j@ix.netcom.com>
Reply-To: John Kelsey <kelsey.j@ix.netcom.com>
To: Anne & Lynn Wheeler <lynn@garlic.com>, dan@geer.org
Cc: leichter_jerrold@emc.com, cryptography@metzdowd.com

>From: Anne & Lynn Wheeler <lynn@garlic.com>
>Sent: Jul 11, 2006 6:45 PM
>Subject: Re: Interesting bit of a quote

...
>my slightly different perspective is that audits in the past have 
>somewhat been looking for inconsistencies from independent sources. this 
>worked in the days of paper books from multiple different corporate 
>sources. my claim with the current reliance on IT technology ... that 
>the audited information can be all generated from a single IT source ... 
>invalidating any assumptions about audits being able to look for 
>inconsistencies from independent sources. A reasonably intelligent 
>hacker could make sure that all the information was consistent.

It's interesting to me that this same kind of issue comes up in voting
security, where computerized counting of hand-marked paper ballots (or
punched cards) has been and is being replaced with much more
user-friendly DREs, where paper poll books are being replaced with
electronic ones, etc.  It's easy to have all your procedures built
around the idea that records X and Y come from independent sources,
and then have technology undermine that assumption.  The obvious
example of this is rules for recounts and paper record retention which
are applied to DREs; the procedures make lots of sense for paper
ballots, but no sense at all for DREs.  I wonder how many other areas
of computer and more general security have this same kind of issue.   

--John Kelsey, NIST

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
