At 08:23 PM 3/29/2007, Allen wrote:

I assume that you mean the owner of the on-line financial service when you say "operator," correct? In which case what exactly are the auditors going to be looking at when it comes time to audit but the operator's identity, whereabouts, the servers and a portion of the assets are undisclosed?

As we have seen in the prosecutions of large corporation officers, knowing their identity is no guarantee that stakeholders will not be defrauded. Can you explain why knowing the server whereabouts is required? Certainly there are cryptographically sound ways (e.g., time stamps from independent and trusted sources, hash chaining, etc.) that anon DBC mints can provide transaction logs that can be publicly examined and verified without ever touching the server.

In a basic sense auditing is to see if the reality behind the books matches the books. That the number of sheaves of wheat you have in the warehouse match the number you have in the office. If you cannot locate the reality what are you verifying?

The scenario described and method I proposed I think do address the identification of assets. I maintain that random sampling can, when properly carried out, provide a mathematically sound confidence of the total size of assets.

I think, rather than governance, this goes to the heart of trust in relationships. Governance to me is more the process of verifying that the trust is not misplaced and that audits are simply one way, but only one of many ways, of quantifying the level of trust one can have in the relationship.
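
The hash chaining and independent time stamps mentioned in the message above, as an added sketch that is not part of the original post or of any mint's code: a published log is checked from its entries alone, and a hash recorded earlier by an outside party catches a rewritten or truncated chain. The record fields, the `GENESIS` value and the `anchors` mapping are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "00" * 32  # constructed starting value for the chain

# Constructed sample records; field names are assumptions for this example.
RECORDS = [
    {"seq": 1, "op": "issue", "amount": 500, "ts": "2007-03-29T20:00:00Z"},
    {"seq": 2, "op": "redeem", "amount": 120, "ts": "2007-03-29T20:05:00Z"},
    {"seq": 3, "op": "issue", "amount": 75, "ts": "2007-03-29T20:09:00Z"},
    {"seq": 4, "op": "redeem", "amount": 300, "ts": "2007-03-29T20:15:00Z"},
]


def entry_hash(prev_hash, record):
    """Hash of one log entry, bound to the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def publish(records):
    """Mint side: turn records into a public log of record/hash entries."""
    log, prev = [], GENESIS
    for record in records:
        prev = entry_hash(prev, record)
        log.append({"record": record, "hash": prev})
    return log


def verify(log, anchors):
    """Auditor side: recompute the chain from the public log alone.

    anchors maps an entry index to the chain hash an independent
    timestamping party recorded when that entry was published.
    Returns the index of the first inconsistency, or None if there is none.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev, entry["record"])
        if entry["hash"] != expected:
            return i  # entry edited without recomputing the chain
        if i in anchors and anchors[i] != expected:
            return i  # chain recomputed, but it no longer matches the anchor
        prev = expected
    if any(i >= len(log) for i in anchors):
        return len(log)  # log was truncated before an anchored entry
    return None
```

The check shows that the published history has not been altered since the anchored point; it says nothing about whether the assets behind the entries exist.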


The Cryptography Mailing List