[E-Lang] Re: there is no security without a threat model
(was: Re: [p2p-hackers] Reputation System: "Dimensions of Trust")
Mark S. Miller
Thu, 14 Jun 2001 15:20:23 -0700
At 01:10 PM Thursday 6/14/01, email@example.com wrote:
>[...] generating a threat model for a specific application, while already
>difficult, seems much easier than generating a set of possible threat models,
>or some kind of meta-threat model, for all possible E apps. But maybe it is
>more straightforward than I think.
>I'm sorry if this seems obvious, but that's as far as I've gotten.
Seems both non-obvious (to me at least) and valuable. Thanks. How about we
start with the canonical simple example of a secure distributed E app -- echat?