Interestingly, the strategy (3.38) makes no mention of the "security"
advantages in NHSnet. Perhaps someone has realised that to support over
10000 endpoints and universal clinician access to distributed records,
physical network security will become a lost cause. But I don't yet see
any firm statement on how encryption / authentication should be implemented
either.
(SSL v3+, a national certifier authority, freely available massive-key
crypto, standard access control and trust protocols, key escrow only if
decentralised... please...)
-Hugh
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|