d...@geer.org wrote:
Regulatory compliance, on the other hand, stipulates N==0 failures and is thus neither calibratable nor cost effective. Whether the cure is worse than the disease is an exercise for the reader.
I do not believe regulations require that there be zero compromises to systems, Dan. On the contrary, I believe the goal of any regulation is to ensure that there is a minimum level of calibration across the industry. In the absence of regulation, calibration would be all over the map; while experienced companies with adequate resources might be better calibrated, the less-experienced or less-resourceful companies would start the dominoes falling and inadvertently bring down even the well calibrated companies. Regulations can help with preventing that first domino from falling if implemented effectively. Arshad Noor StrongAuth, Inc. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
