[cryptography] PKI - and the threat model is ...?

M.R. makrober at gmail.com
Tue Sep 13 03:46:19 EDT 2011

On 12/09/11 19:12, Marsh Ray wrote:
> On 09/12/2011 01:45 PM, M.R. wrote:
>> The system is not expected to protect individual
>> liberty, life or limb, nor is it expected to protect high-value
>> monetary transactions, intellectual property assets, state secrets
>> or critical civic infrastructure operations.
> It never was, and yet, it is asked to do that routinely today.

let's take just one of the above as an example: high-value monetary
transactions - the only item in the list that I am somewhat familiar

I can not think of a single scenario where the two parties that do
that, prefer a trust chain that includes a third party for introduction
and identity vouching instead of the out-of-channel shared secret
or key fingerprint exchange. However, secure mass retail system is
pretty well impossible without such trusted third party.

This is why the threat model *must* define the profile of communicating
parties and the value of transactions. If it does not, it will be so
general that it will, with the current state of technology and 
environment, leave the designer/builder with no option but to create
an inadequate system.

If the threat model defines it, there must be something that ensures
the system use does not spill outside of the model definition. There
are, for most systems, two primary methods for this: rules enforcement
and user education. When there is no owner around or the owner has no
ability to effectively enforce the rules, the education must pick up
the slack.

Mark R.

More information about the cryptography mailing list