Horst Herb wrote:
> In case you missed that posting: my proposal included a daily (or weekly or so)
>automated exchange of hash list updates between either a large number of independend
>practices or with a 3rd party non-profit trustee. That means, I generate my hashes,
>compress this list, and off it goes by internet to the exchange ring, stored there in
>a CVS like database, same way I will receive every fday the list updates from other
>practices in my database. Now, if my and some other clinics burn down over night,
>there will be still dozens of others able to give evidence for my records. As you
>would provide this service mutually, ther would virtually be no extra costs involved
>(other than setting up the system and providing storage space / online time). I
>believe, this distributed approach is even more secure than a bank safe.
I agree (I did see it, just forgot to atrribute it to you ... too many hours at this
keyboard!). I would like to see openEHR (the GEHR foundation currently being set up)
do functinos like this. Again, for transparency purposes, you could have the hashes
online, and even visible. Why not - they are not decryptable.
Yes, I know that this relies on the integrity of the openEHR foundation, but you have
to rely on _someone's_ integrity. OpenEHR will eventually have a major server in
Australia, the US and Europe which could perform this function. I don't think I'd
bother with the ring. You don't need to hide these hash strings, just the opposite.
Also, I think it would be a bit too chaotic expecting all the other servers using your
system to get it right - it's an admin cost. Better to use a few big servers with
trained administrators and reliable version control etc.
- thomas beale
