[FDE] Appropriate key lengths

[Allen]

James A. Donald wrote:
[snip]

> The present economic chaos is in part a result of
> Sarbanes-Oxley, which made it legal, and indeed arguably
> mandatory, for various financial firms to misrepresent
> the value of their mortgages in a fashion very similar
> to the way that Enron misrepresented the value of their
> gas contracts.  To make accounts correctly represent
> reality is a hard problem, a problem in which
> legislators lack background and skills.  When
> legislators proceeded to tell businessmen how to do
> their accounts, the result was complete disaster.

So, if I understand you correctly, without legislative or other, 
similar regulatory mechanisms in place we get Enrons and once 
they are in place we get Enrons. Huh?

I am not convinced that financial firms know what they are doing 
with or without government interference. I will grant that often 
as not governmental solutions are not well thought out or 
properly enforced. However given that I have seen financial 
institutions allow, even encourage, gross insecurities in their 
infrastructure to save a penny now and devil take the hindmost 
when their stupidity catches up with them as we see in the 
current mortgage situation and Bear Sterns, it seems we need 
something to prevent more structures like snake oil cryptography.

How do we get the transparency that we insist on for evaluation 
of cryptography in these other areas where we will be applying 
some form of "technology" to control deviant behavior?

It seems like the same problem we currently have, just slightly 
different elements at the foundation. Any ideas that we come up 
with, I would think, would have a fairly universal application 
across the spectrum and be the basis for less crazy actions in 
creating new processes. Sort of a scientific method where the end 
result is peer reviewed for quality, or is this too much to expect?

Allen

Alle