This month's Cryptogram includes a good example of a security analysis on the question of political votes collection by software. It was written by Bruce Schneier and Paul Kocher, and starts and ends in dollars, so it makes a good example of how things are done (c.f., the discussion on the dollar value of a life).
http://www.schneier.com/crypto-gram-0404.html#4
As voting is (like one's life) a charged issue, I'd suggest that it *not* be included in the list of normal users doing normal transactions. Once the dust settles on the US debates over election vote counting, maybe then would be the time to re-address.
Which still leaves the question of how to define and measure the normal user activity. One way would be to simply stab at the costs:
E.g., the normal user is doing a transaction. That transaction, if breached, will result in a maximum $X loss. Also, if the entire session is opened up, then the user herself will then be subject to a maximum of $Y costs.
So, for example, $100 per transaction, and $1000 per privacy breach, but please pick your own numbers.
iang
PS: I was going to post just the extract, but there are also other good stories, relevant to the current topics of the list. Click on the above and look for "Man-in-the-Middle Attack" and also "BeepCard".
