small discussion of security proportional to risk: http://www.garlic.com/~lynn/2002h.html#61 security proportional to risk
slightly related http://www.garlic.com/~lynn/2001j.html#5 E-commerce security???? http://www.garlic.com/~lynn/2001j.html#54 Does "Strong Security" Mean Anything? also slightly related, both the tpm chips and various card chips are similar ... some with eal3-high or eal4-high evaluation. however these ratings are typically just for the chip ... or the chip with the barest of software .... not the completely delivered operation environment. trying to get an EAL5-high or EAL6-high on the complete package .... would include getting evaluation on things like any crypto (for those chips employing crypto) ... which is a interesting whole 'nother exercise. slightly related: http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal specification for FIPS186-2/x9.62 ecdsa? http://www.garlic.com/~lynn/2002h.html#71 history of CMS http://www.garlic.com/~lynn/2002h.html#84 history of CMS http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition for eal 5/6 evaluation [EMAIL PROTECTED] on 8/10/2002 11:01 pm wrote: Can't be done. I don't have time to go into ALL the reasons. Fortunately for me, any one reason is sufficient. #1: it's all about the economics. You have failed to specify that the cost of breaking into the data has to exceed the value of the data. But even if you did that, you'd have to assume that the data was never worth more than that to *anyone*. As soon as it was worth that, they could break into the data, and data is, after all, just data. Ignore economics at your peril. -- -russ nelson http://russnelson.com | Crynwr sells support for free software | PGPok | businesses persuade 521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]