[cryptography] PKI - and the threat model is ...?

dan at geer.org dan at geer.org
Mon Sep 12 14:08:34 EDT 2011


> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~before~ the
> "SSL system" was designed and deployed.
> It appears to me that it is consequently surprising that again,
> in these discussions for instance, there is little or nothing
> offered to remedy that; i.e., to define the threat model
> completely independent of what the response to it might or
> might not be.

If you define security to be "the absence of unmitigatable surprise"
and if you acknowledge the primary design constraint in security
engineering to be "no silent failure," then your threat model is
your exposure to that which precludes mitigation due either to its
impact velocity or to its silence.



More information about the cryptography mailing list