Re: CRIME Security experts nix Internet voting plan

From: Crispin Cowan (crispin@private)
Date: Sun Jan 25 2004 - 02:57:44 PST

Next message: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"

Previous message: Andrew Plato: "RE: CRIME Security experts nix Internet voting plan"
Next in thread: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"
Reply: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Plato wrote:

>>Beyond that, I can't really discuss any technical details of the system
>>    
>>
>>for obvious security reasons.
>>
>>That is not obvious. There is a lot of evidence that open systems are 
>>more secure than closed systems. OTOH, "... can't really discuss any 
>>technical details of the system for obvious *proprietary* reasons"  is
>>    
>>
>>obvious :)
>>    
>>
>
>Crispin, we're not talking about a word processing program or an open
>source version of Everquest here. This is a government system for
>elections. It's a little more important than some open source project.
>
That is a bogus argument: "open" either improves security, or it does 
not. If you want to argue that opening a design or implementation 
somehow harms security, make your case, but the "this is important ..." 
argument is a distraction from the issue. If it is important, then it is 
even *more* vital that it be open.

>And the state is doing something to ensure security. It mandated
>
Good. But that's not the issue.

>I also respect the scientific process. It's the core element of my
>company's methodology (see our web page.) The scientific process demands
>collaboration with peers. So at some point, Anitian probably will call
>upon the community for input and advice.
>
That is very good to hear.

> I don't know the level of that
>involvement, I'll have to clear that with the state. But, suffice to
>say, we're not doing this in a vacuum. Many of the ideas discussed right
>here are getting into the design meetings because I recognize their
>importance.
>
That also is good to hear.

But I still question the "secret for obvious reasons" assertion. The 
reasons are far from obvious. "Importance" doesn't cut it at all. Who is 
mandating the secrecy? The State, Sabre, or Anitian? Whoever it is needs 
to get some better advice.

>Consider the alternative...this project could be done by some huge out
>of state company who has no investment in Oregon at all. 
>
True, this is an upgrade over Maryland. Congratulations again to Anitian 
for being awarded a piece of this work. But if the implementation stays 
closed, then it is only a modest upgrade.

Crispin

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/

Next message: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"
Previous message: Andrew Plato: "RE: CRIME Security experts nix Internet voting plan"
Next in thread: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"
Reply: Brian Varine: "Re: CRIME Security experts nix Internet voting plan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 25 2004 - 03:56:10 PST