[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] Time for a major re-think in 2005 - opinions
|
From: |
Ian Haywood |
|
Subject: |
Re: [Gnumed-devel] Time for a major re-think in 2005 - opinions |
|
Date: |
Sat, 8 Jan 2005 22:06:49 -0500 |
|
User-agent: |
Mutt/1.3.28i |
On Sun, Jan 09, 2005 at 10:41:59AM +1100, catmat wrote:
> does sound simpler, and one could only subvert the audit between
> dumps.
You're proposing on-the-spot signing of committed data? But if an
attacker has access to alter the database at will, its easy to capture
the signing key and fake signatures, unless you sign on the client
(which, in reality) is less secure than the server)
Signed dumps is so you can prove to someone else (the courts) that you
haven't modified your own backups.
> If an identity's record was exported to another system, what would be the
> protocol for supplying a verified audit with the record?
AFAIK there's no protocol to do this yet. Maybe HL7 3.0 does, (I
can't understand their docs.)
Ian
pgpeN1WDow9AY.pgp
Description: PGP signature