Travis H. wrote:
Why the heck am I expiring encryption keys each year? Anyone who
records the email can crack it even if the key is invalid by then.
All it really does is crudely limit the quantity of data sent under
that key, which is little to none anyway.
If your threat model includes
Steven M. Bellovin wrote:
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.
One New York bank -- long since absorbed into some megabank -- did the
same thing about 30 years ago. They gave up -- it was expensive
[snip HAVA quote and Nevada news]
So unless there is a amendment to that law (that I am obviously unaware
of) it isn't up to individual States to add this as an additional
requirement - its already required. perhaps someone could enlighten me?
I believe many e-voting machines meet this
In message [EMAIL PROTECTED], John Denker writes:
Here's a challenge directly relevant to this group: Can you
design a comsec system so that pressure against a code clerk
will not do unbounded damage? What about pressure against a
comsec system designer?
Modulo Steve's comments about the threat