There was a discussion with me, @or13 and @kaywilliams on the other PR that wasn't addressed, and I think is very important.
I'm concerned that we're swerving a little into the 'preventative security' world where actually the work here is transparency and accountability. In the example given we don't have total confidence that the computer will always behave perfectly: even with the 'right' software payload there may be bugs or operator-borne attacks, for example. But what we do have is confidence that you're dealing with the computer system you thought you would be, and that nothing has been injected or modified on its way to you.
I also removed "an individual" because humans aren't realistically going to be doing much of this transactional verification: we want all of this stuff to be strong enough that we can automate all the mundane validation work away.