[E-Lang] Re: there is no security without a threat model (was: Re: [p2p-hackers] Reputation System: "Dimensions of Trust")
Thu, 14 Jun 2001 15:41:36 -0700

Quoting Mark S. Miller (email@example.com):
> At 01:10 PM Thursday 6/14/01, firstname.lastname@example.org wrote:
> >[...] generating a threat model for a specific application, while already
> >difficult, seems much easier than generating a set of possible threat models,
> >or some kind of meta-threat model, for all possible E apps. But maybe it is
> >more straightforward than I think.
> >I'm sorry if this seems obvious, but that's as far as I've gotten.
> Seems both non-obvious (to me at least) and valuable. Thanks. How about we
> start with the canonical simple example of a secure distributed E app -- echat?

It seems to me that the first thing we would start with is: "What are
we trying to protect?" I suppose addendums to that would include: "For
how long" and "from whom". What else?