At 08:23 PM 3/29/2007, Allen wrote:
Steve,
I assume that you mean the owner of the on-line financial service when you
say "operator," correct? In which case what exactly are the auditors going
to be looking at when comes time to audit but the operator's identity,
whereabouts, the servers and a portion of the assets are undisclosed?
As we have seen in the prosecutions of large corporation officers knowing
their identity is no guarantee that stakeholders will not be
defrauded. Can you explain why knowing the server whereabouts is
required? Certainly there are cryptographically sound ways (e.g., time
stamps from independent and trusted sources, hash chaining, etc.) that anon
DBC mints can provide transaction logs that can be publicly examined and
verified without ever touching the server.
In a basic sense auditing is to see if the reality behind the books
matches the books. That the number of sheaves of wheat you have in the
warehouse match the number you have in the office. If you can not locate
the reality what are you verifying?
The scenario described and method I proposed I think do address the
identification of assets. I maintain that random sampling can, when
properly carried out, provide a mathematically sound confidence of the
total size of assets.
I think, rather than governance, this goes to the heart of trust in
relationships. Governance to me is more the process of verifying that the
trust is not misplaced and that audits are simply one way, but only one of
many ways, of quantifying the level of trust one can have in the relationship.
Agreed.
Steve
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
