M.R., > In these long and extensive discussions about "fixing PKI" there > seems to be a fair degree of agreement that one of the reasons > for the current difficulties is the fact that there was no precisely > defined threat model, documented and agreed upon ~before~ the > "SSL system" was designed and deployed. > > It appears to me that it is consequently surprising that again, > in these discussions for instance, there is little or nothing > offered to remedy that; i.e., to define the threat model > completely independent of what the response to it might or > might not be.
If you define security to be "the absence of unmitigatable surprise" and if you acknowledge the primary design constraint in security engineering to be "no silent failure," then your threat model is your exposure to that which precludes mitigation due either to its impact velocity or to its silence. IMHO, --dan _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
