> It shouldn’t matter who the agent is, if it happened it is also a vulnerability of the system. It should withstand tampering by any sufficiently motivated party.
That's exactly opposite of what infosec experts say, and opposes experience as well. I mean, someone, probably Israel and NSA, got Stuxnet into an airgapped Iranian nuclear facility. Don't try to argue that perfection is necessary - it isn't Security is an economic good, with a price, and a value. When value exceeds price, implement the security. Otherwise, live with it.
> Don't try to argue that perfection is necessary - it isn't Security is an economic good, with a price, and a value. When value exceeds price, implement the security. Otherwise, live with it.
Turns out not everything is operating under market dynamics; unless you’re willing to put a price tag on election integrity, which is a public good. Especially in comparison to existing alternative implementations.
Perfection is a strawman, you are not even arguing for elasticity depending on the attack vector, you’re arguing for a backdoor selective to the identity of the intruder.
That's exactly opposite of what infosec experts say, and opposes experience as well. I mean, someone, probably Israel and NSA, got Stuxnet into an airgapped Iranian nuclear facility. Don't try to argue that perfection is necessary - it isn't Security is an economic good, with a price, and a value. When value exceeds price, implement the security. Otherwise, live with it.