[145081] in cryptography@c2.net mail archive
Re: Crypto dongles to secure online transactions
daemon@ATHENA.MIT.EDU (John Levine)
Tue Nov 17 08:26:17 2009
Date: 17 Nov 2009 01:35:12 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <20091111155344.2CF6933DAC@absinthe.tinho.net>
Cc: dan@geer.org
> So should or should not an embedded system have a remote management
> interface?
In this case, heck, no. The whole point of this thing is that it is
NOT remotely programmable to keep malware out.
If you have a modest and well-defined spec, it is well within our
abilities to produce reliable code. People write software for medical
devices and vehicle control which is not remotely updated, and both
our pacemakers and are cars are adequately reliable. If you define
the spec carefully enough that you can expect to make a million
devices, the cost of even very expensive software is lost in the
noise.
R's,
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
