[E-Lang] Re: there is no security without a threat model (was: Re: [p2p-hackers] Reputation System: "Dimensions of Trust")

steve jenson stevej@sieve.net
Wed, 13 Jun 2001 21:05:02 -0700

Quoting Mark S. Miller (markm@caplet.com):

> In another forum, At 12:21 PM Thursday 6/7/01, zooko@zooko.com wrote:
> >One thing that can be said for certain is that attempts to provide security of
> >any kind desperately need to have the threat model made explicit. [...]
> >Bram Cohen [...] saying that the hardest
> >part of crypto engineering is deciding what threat model you are addressing.
> So let's work on threat models for E, and for a few example apps built in E 
> (like EChat, either or both MintMakers, and the stock market challenge).  
> Where/how do we start?

I'm sad to see that there's been no more conversation on this topic although
I know zooko to be amazingly busy lately (according to his weblog on

BTW, has anybody here have an opinion on CSP? It's a process algebra
for modelling the security properties of communicating processes (as
an abstract term). I'm currently reading a book out of the UK called
"Modelling and Analysis of Security Protocols" (ISBN:0201674718), and so
far it's been an interesting read. Here's a site devoted to the subject:


steve jenson <stevej@sieve.net> [http://sieve.net/]
PGP Fingerprint: 79D0 4836 11E4 A43A 0179  FC97 3AE2 008E 1E57 6138