On Sun December 28 2008, Ger Hobbelt wrote:
> 
> And all that fuss, just because you've woken up and inquired about
> security / protection technology, instead of ignoring the subject and
> waiting for a nasty surprise down the road. Dang! ;-))
> 

You did well to ask, indeed.

Even if the result might have been similar to someone accidentally
stepping onto a fire ant hill. ;)

Each poster has attempted to give you information, each in their
own way - regardless of how it may have read to your eyes.
And on an OpenSSL mailing list, when you don't even use OpenSSL.

Myself, I rarely post here, just read along - -
Will probably go back to doing that after this thread. Probably should. ;)

But my background (in a long ago, prior lifetime) was that of a
"Communications Security Account Custodian" for a government account.
Don't be impressed by the title - it just designates the person
they take out back and shoot when things "go wrong". 

But from that background, I have to prod your thinking a bit further - -

These are rhetorical questions:
Can an "Authorized User" display data that they did not enter?
(I.e., data that someone else entered.)

Can they transfer (even if only to paper) that information?
If so, how is the distribution and custody of that paper representation
handled and controlled?

How about the similar activities on the input side -
Is the data being entered previously transcribed somehow, in some form?
Who has access to the prior data entry format and how is that handled
and controlled?

Remember:
You _must_ consider the system from end-to-end (paper-to-paper?).
You _may_ decide that a particular risk is not worth avoiding, but
you _must_ consider it.

Those questions are from an environment where _both_ sides of a piece
of paper had to be inspected, inventoried, signed for, and accounted
for during its entire physical existence. Same with its destruction.
No: 
"I shredded and burned side 1, surely I shredded and burned side 2 also" 
allowed.

_Both sides_
No. I am not joking. _Both sides_
(I once asked about the edges; of the wrong person! That was an education.)


> Hope you enjoyed Christmas anyhow.
> 

Merry Christmas.
Next year's will be better than this one turned out. ;)

Mike
> Cheers,
> 
> Ger
> 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
