[10043] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Russell Nelson)
Tue Jan 1 04:26:29 2002
From: Russell Nelson <nelson@crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Mon, 31 Dec 2001 22:32:41 -0500 (EST)
To: cryptography@wasabisystems.com
In-Reply-To: <200112290154.fBT1sJd06418@dl1.dtc.umn.edu>
Message-ID: <15409.11184.634897.516168@desk.crynwr.com>
Andrew Odlyzko writes:
> 1. Cryptography does not fit human life styles easily.
> 2. Novel technologies take a long time to diffuse through society.
to which I would add:
3. Cryptography, and therefore PKI, is meaningless unless you first
define a threat model. In all the messages with this Subject, I've
only see one person even mention "threat model". Think about the
varying threat models, and the type of cryptography one would propose
to address them. Even the most common instance of encryption,
encrypted web forms for hiding credit card numbers, suffers from
addressing a limited threat model. There's a hell of a lot of known
plaintext there.
--
-russ nelson <sig@russnelson.com> http://russnelson.com
Crynwr sells support for free software | PGPok | If you argue with someone
521 Pleasant Valley Rd. | +1 315 268 1925 voice | who is not rational, he will
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | always win, in his own mind.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
