CFP: PKI research workshop

lynn.wheeler at firstdata.com lynn.wheeler at firstdata.com
Tue Jan 1 13:50:55 EST 2002


sometimes the "principles" of security are referred to as PAIN or sometims
PAIIN

see
http://www.garlic.com/~lynn/security.htm

and click on PAIN & PAIIN in the acronym section of the glossary.

Doing a threat model ... would include not only end-to-end issues .... but
what aspects of PAIIN are being addressed.
privacy, authentication, identification, integrity, non-repudiation (PAIIN)
(see also authentication, identification, integrity, non-repudiation,
privacy, security)

an aspect of security can be integrity and and aspect of integrity can be
dependability .... leading to things like:
http://www.hdcc.cs.cmu.edu/may01/index.html

which is then related back to my posting on sunday (with regard to
integrity)
http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop





nelson at crynwr.com on 12/31/2001 8:32 pm wrote:


to which I would add:

3. Cryptography, and therefore PKI, is meaningless unless you first
define a threat model.  In all the messages with this Subject, I've
only see one person even mention "threat model".  Think about the
varying threat models, and the type of cryptography one would propose
to address them.  Even the most common instance of encryption,
encrypted web forms for hiding credit card numbers, suffers from
addressing a limited threat model.  There's a hell of a lot of known
plaintext there.






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list