On Fri, 25 Sep 1998 08:53:01 +0100, you wrote:
>
>
>Interestingly, the strategy (3.38) makes no mention of the "security"
>advantages in NHSnet. Perhaps someone has realised that to support over
>10000 endpoints and universal clinician access to distributed records,
>physical network security will become a lost cause. But I don't yet see
>any firm statement on how encryption / authentication should be implemented
>either.
>
>(SSL v3+, a national certifier authority, freely available massive-key
>crypto, standard access control and trust protocols, key escrow only if
>decentralised... please...)
>
>-Hugh
>
>
Thanks for saying it for me, Hugh
I couldn't have put it better myself.
However it is worth remembering that 2-key encryption itself isn't a
cure-all. The process of key certification is the thing that we as a
profession must control, ie: knowing that a published key actually
does belong to the person it purports to belong to.
This task is well within the ability of the GMC with the co-operation
of LMCs.
(Otherwise DIN will be happy to run it under strict ethical rules.)
Kind regards,
Paul
Kind regards,
Paul
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|