[cryptography] PKI - and the threat model is ...?

M.R. makrober at gmail.com
Mon Sep 12 10:15:37 EDT 2011


In these long and extensive discussions about "fixing PKI" there
seems to be a fair degree of agreement that one of the reasons
for the current difficulties is the fact that there was no precisely
defined threat model, documented and agreed upon ~before~ the
"SSL system" was designed and deployed.

It appears to me that it is consequently surprising that again,
in these discussions for instance, there is little or nothing
offered to remedy that; i.e., to define the threat model
completely independent of what the response to it might or
might not be.

Mark R.





More information about the cryptography mailing list