Subject: RE: Things to do - Requirement Document. Security.
Jason,

I was asking for the sections in the requirements document. And I do agree that audit is a security function. First let us identify *all* requirements and then worry about categorizing them. If we can categorize them as we add the requirements, it is well and good, but the emphasis is to get *all* angles.

We have (at least) two issues on encryption - wire/transport security and document security. I see no way other than to specify that *all* election related transactions be carried over SSL/TLS. This would satisfy the wire security. The other side of security is the field level encryption.

We also need to address non-repudiation across all system components.

cheers & have a nice weekend

|-----Original Message-----
|From: Jason Kitcat [mailto:jeep@free-project.org]
|Sent: Friday, June 22, 2001 7:45 AM
|To: election-services@lists.oasis-open.org
|Subject: RE: Things to do - Requirement Document. Security.
|
|Hi,
|
|> Good comments. Here are my observations.
|>
|> 1. We would add audit as another section. While we are on this subject,
|> what other sections do you see for the req document?
|
|Another section where? To the document or to security? I personally
|think it has to be addressed with security.
|
|> 2. The partial encryption is to *selectively* expose information. For
|> example for statistics purpose, one might have to look at the county
|> information, but not the actual voting. So there could be two encryptions -
|> one for county and one for actual vote. Again, the point is, we should not
|> make it *impossible* to do partial encryption. For all we know, we might do
|> full encryption.
|
|Some confusion I think.... we need to distinguish between
|communications/transport level encryption and data/information level
|encryption. I was talking about transport level but you clearly
|aren't ;-)
|
|But I agree, keep the options open.
|
|regards,
|Jason
|
|--
| The FREE e-democracy project
|----------------------------------------
| http://www.free-project.org
|----------------------------------------
| secure, private and reliable Free Software
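The "partial encryption" idea discussed in the thread (one encryption for the county, another for the actual vote), sketched as an added example that is not part of the original messages or of any OASIS document. The field names, key handling, sample record and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration, not from the thread: field-level ("partial") encryption
// of a ballot record with one key per field. Field names, roles and the
// sample record are constructed for this example.
const crypto = require('crypto');

// Encrypt one field with AES-256-GCM. The field name is bound as AAD so a
// ciphertext cannot be moved to a different field without failing the tag check.
function sealField(key, name, value) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([c.update(String(value), 'utf8'), c.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'), tag: c.getAuthTag().toString('base64') };
}

// Decrypt one field; throws if the key, field name or ciphertext is wrong.
function openField(key, name, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(sealed.iv, 'base64'));
  d.setAAD(Buffer.from(name, 'utf8'));
  d.setAuthTag(Buffer.from(sealed.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(sealed.ct, 'base64')), d.final()]).toString('utf8');
}

// Seal every field of a record with the key assigned to that field.
function sealRecord(keys, record) {
  const out = {};
  for (const [name, value] of Object.entries(record)) out[name] = sealField(keys[name], name, value);
  return out;
}

// Open only the fields the holder has keys for; the rest stay opaque.
function openRecord(heldKeys, sealedRecord) {
  const out = {};
  for (const [name, sealed] of Object.entries(sealedRecord)) {
    if (!heldKeys[name]) continue;
    out[name] = openField(heldKeys[name], name, sealed);
  }
  return out;
}

// Constructed sample: statistics staff hold the county key only.
const keys = { county: crypto.randomBytes(32), vote: crypto.randomBytes(32) };
const sealed = sealRecord(keys, { county: 'Example County', vote: 'Candidate A' });
const statsView = openRecord({ county: keys.county }, sealed);
console.log(statsView); // county is readable, vote is absent
```

This layer is independent of the SSL/TLS transport requirement: the sealed record stays protected at rest and after the TLS session ends.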