Russell Nelson <[EMAIL PROTECTED]> writes: > The union of the two sets of "cryptography users" and "paranoid > people" is necessarily non-empty. Who would bother to use > cryptography sans a threat model? And if you've got a non-empty > threat model, then by definition you're paranoid.
I think it's really about degree. I don't agree that having a non-empty threat model implies you a paranoid. You could have a threat model of "I don't want my sister or parents to read this" which is very different than "I don't want the NSA or KGB to read this". I would certainly call both of these statements a "non-empty threat model". I would certainly call the latter threat model "paranoid"; I would NOT call the former threat model paranoid -- I would call it a "normal teenager" :) -derek -- Derek Atkins Computer and Internet Security Consultant [EMAIL PROTECTED] www.ihtfp.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]