On Sep 12, 2011, at 7:15 AM, M.R. wrote: > In these long and extensive discussions about "fixing PKI" there > seems to be a fair degree of agreement that one of the reasons > for the current difficulties is the fact that there was no precisely > defined threat model, documented and agreed upon ~before~ the > "SSL system" was designed and deployed. > > It appears to me that it is consequently surprising that again, > in these discussions for instance, there is little or nothing > offered to remedy that; i.e., to define the threat model > completely independent of what the response to it might or > might not be.
Bingo. Jon _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography