[E-Lang] Re: there is no security without a threat model (was: Re: [p2p-hackers] Reputation System: "Dimensions of Trust")
Wed, 13 Jun 2001 21:05:02 -0700
Quoting Mark S. Miller (email@example.com):
> In another forum, At 12:21 PM Thursday 6/7/01, firstname.lastname@example.org wrote:
> >One thing that can be said for certain is that attempts to provide security of
> >any kind desperately need to have the threat model made explicit. [...]
> >Bram Cohen [...] saying that the hardest
> >part of crypto engineering is deciding what threat model you are addressing.
> So let's work on threat models for E, and for a few example apps built in E
> (like EChat, either or both MintMakers, and the stock market challenge).
> Where/how do we start?
I'm sad to see that there's been no more conversation on this topic, although
I know zooko to be amazingly busy lately (according to his weblog on
BTW, does anybody here have an opinion on CSP? It's a process algebra
for modelling the security properties of communicating processes (as
an abstract term). I'm currently reading a book out of the UK called
"Modelling and Analysis of Security Protocols" (ISBN:0201674718), and so
far it's been an interesting read. Here's a site devoted to the subject:
steve jenson <email@example.com> [http://sieve.net/]
PGP Fingerprint: 79D0 4836 11E4 A43A 0179 FC97 3AE2 008E 1E57 6138