[cryptography] Long posts: tl; dr (Re: PKI - and the threat model is ...?)

Nico Williams nico at cryptonector.com
Mon Sep 12 12:23:31 EDT 2011


On Mon, Sep 12, 2011 at 9:15 AM, M.R. <makrober at gmail.com> wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~before~ the
> "SSL system" was designed and deployed.

We know what the threat model should have been.  That ought to be
enough to figure out what to do, but evidently it's not.  Besides the
difficulty in getting agreement on what to do, it's also difficult to
agree on what constraints we face.

I agree that lots of very long posts here aren't necessarily helpful
(tl;dr).  There's too many points of view and no synthesis.

It might be useful to have someone (volunteer, of course) summarize
all of these very long posts so that they might be more accessible to
those of us who have other draws on our time.  Better yet: use
restraint before posting!  Don't retread; assume reader familiarity;
include references where possible; be concise (even if not precise;
precision can come later).

Nico
--



More information about the cryptography mailing list