Ok, now that key length seems to be moving on, I have a few questions on Dean's other issues... On 8/06/2011 9:11 p.m., Dean Pemberton wrote:
Some other ones don't seem to have moved anywhere yet:
. Trusted community representatives . Site Security
Perhaps I missed it, but I don't recall seeing the Police mentioned anywhere. Smart cards held in tamper proof bags should be inspected and it strikes me that the Police are the people to be doing that on behalf of the Government and the community (public, not IT geeks). It also strikes me that the Police should be giving a sign off on site security. Lotto is verified by the Police. I'm also wondering where the Department of Internal Affairs is on this? iirc they're all over Lotto as well aren't they? Who's all over this space from the government? When it comes to representatives that most of us trust in the community it's normally a Police officer. I get the whole suggestion that your average police officer wouldn't have a clue what you're doing with a PC, but they are trained to have observation skills to note if someone is acting out of character and when to ask questions. If one of our representatives have been compromised then a Police officer is more likely to notice anything odd that I am (even given how much "The Mentalist" I watch on TV each week). Also there's an e-crimes division. Should they have people who would have some clue when it comes to what's going on at the keyboard and should have some involvement? Can we trust that those people have a level of security clearance that we should be happy with? Are those people quite so publicly visible? As with key length, there are perception issues here. D