[cryptography] PKI - and the threat model is ...?

Marsh Ray marsh at extendedsubset.com
Mon Sep 12 15:12:09 EDT 2011

On 09/12/2011 01:45 PM, M.R. wrote:
> The system is not expected to protect individual
> liberty, life or limb, nor is it expected to protect high-value
> monetary transactions, intellectual property assets, state secrets
> or critical civic infrastructure operations.

It never was, and yet, it is asked to do that routinely today.

This is where threat modeling falls flat.

The more generally useful a communications facility that you develop, 
the less knowledge and control the engineer has about the conditions 
under which it will be used.

SSL/TLS is very general and very useful. We can place very little 
restriction on how it is deployed.

It will be used wherever it "works" and "feels secure". More and more 
firewalls seem to be proxying port 80 and passing port 443. So it will 
continue to be used a lot.

Few app layer protocol designers will say "this really wasn't part of 
the SSL/TLS threat model, we should use something else". Most will say 
"this is readily available and is used by critical infrastructure and 
transactions of far greater value than ours".

It needs to be as secure as possible, but I freely admit that I don't 
know what that means.

- Marsh
