Data security: "external" versus "internal"

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Mon May 02 2005 - 17:46:54 CDT

As I understand this, Jamboi wants to brew up a data file type that is
both "open data" (publicly readable) and internally secure with little
or no external checking...sorta what Diebold claimed they had with
MS-Access data (an admittedly stupid example of course...).

The alternative is a fundamentally UNsecure data format that's easy to
read, externally controlled and hashed...what Jamboi calls a "bandaid"
on top of the unsecure data.

I think in this case the "bandaid" is warranted.

1) If you add hardcore security to the complexity of the distributable
data file, you make it harder to read and readable in fewer
applications. Plain text (be it XML or hell, Comma Separated Values for
that matter) can be digested in numerous apps across multiple
platforms. If I understand Jamboi's argument correctly, unless somebody
wrote their own data reader app the data would be readable on Linux
boxes using our readers...unless we wrote our own cross-platform readers...?

2) What if our version 1.0 is screwed up? If our data files are dead
standard, we could switch out the "bandaid" used to do the
hashes/checksums/etc. as needed or as technology advances. It's modular.

3) It's also a HELL of a lot less work! Tools to deal with standard
data formats already exist, some under GPL that we can rapidly
incorporate. Ditto various hash apps. "Jam" 'em together, a few late
nights of pizza and testing, stick a fork in it. Hell, we can (and
should!) test multiple hash processing/handshaking systems at the same
time, pick one final but note which others don't suck too bad so if our
top choice turns out to stink in some complex fashion we didn't catch,
oh well, "plan B" time.

What Jamboi calls "bandaids" I call "modular" and "rapid development" :).

And genuinely "open data".

Jim
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:13 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT