[E-Lang] Re: there is no security without a threat model (was: Re: [p2p-hackers] Reputation System: "Dimensions of Trust")

[steve jenson]

Quoting Mark S. Miller (markm@caplet.com):

> At 01:10 PM Thursday 6/14/01, zooko@zooko.com wrote:
> >[...] generating a threat model for a specific application, while already
> >difficult, seems much easier than generating a set of possible threat models,
> >or some kind of meta-threat model, for all possible E apps.  But maybe it is
> >more straightforward than I think.
> >
> >I'm sorry if this seems obvious, but that's as far as I've gotten.
> 
> Seems both non-obvious (to me at least) and valuable.  Thanks.  How about we 
> start with the canonical simple example of a secure distributed E app -- echat?

It seems to me that the first thing we would start with is: "What are
we trying to protect?" I suppose addendums to that would include: "For
how long" and "from whom". What else?

steve