bye bye ViaCode

[Pete Chown]

Adrian Midgley wrote:

> A new consultant joined the Gastroenterology department a month or so ago, 
> today I got an invitation, in common with all GPs, to a meeting at which he 
> will speak (on Hepatitis C as it happens).  

Makes me wish I was a GP...  ;-)

I suppose my point is not so much that WoT couldn't be done, as much as
that it would be a lot of work.  It would also need commitment from
everyone who was to be part of it, or it wouldn't work.  With
centralised key management, at least you know everyone ought to have a
key that you can trust.  Bearing in mind this disadvantage of the WoT,
I'm curious to know what you see as the advantages.

Following on from Ross's point, I suppose the question is what you are
trying to create.  Any security solution for the NHS will probably use
crypto as a building block, but what will be built with the blocks?  Are
you expecting that the consultants will report back to you, and you will
store the authoritative copy of patients' records at your surgery?  I
don't know how GPs work, so I don't know whether this would be a
reasonable thing to do, but decisions like this are the other side of
information security in the NHS.

(Then, of course, someone wants access to your patient records -- so
easy, now they are all electronic.  It might be for the best of reasons,
such as dealing with patients who arrive in casualty after having an
accident.)

> Thoe building a system that allows someone who I never met to tell me that he 
> is trustworthy because he has a certificate form a CA may not really 
> understand how our domain and its trust relationships works.

I've never seen a certificate that says someone is trustworthy, only one
that certifies someone's personal attributes (name, address, department,
whatever).

-- 
Pete