On Sep 12, 2011, at 7:15 AM, M.R. wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~before~ the
> "SSL system" was designed and deployed.
>
> It appears to me that it is consequently surprising that again,
> in these discussions for instance, there is little or nothing
> offered to remedy that; i.e., to define the threat model
> completely independent of what the response to it might or
> might not be.
Bingo.
Jon
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
