CFP: PKI research workshop
lynn.wheeler at firstdata.com
lynn.wheeler at firstdata.com
Tue Jan 1 13:50:55 EST 2002
sometimes the "principles" of security are referred to as PAIN or sometims
PAIIN
see
http://www.garlic.com/~lynn/security.htm
and click on PAIN & PAIIN in the acronym section of the glossary.
Doing a threat model ... would include not only end-to-end issues .... but
what aspects of PAIIN are being addressed.
privacy, authentication, identification, integrity, non-repudiation (PAIIN)
(see also authentication, identification, integrity, non-repudiation,
privacy, security)
an aspect of security can be integrity and and aspect of integrity can be
dependability .... leading to things like:
http://www.hdcc.cs.cmu.edu/may01/index.html
which is then related back to my posting on sunday (with regard to
integrity)
http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop
nelson at crynwr.com on 12/31/2001 8:32 pm wrote:
to which I would add:
3. Cryptography, and therefore PKI, is meaningless unless you first
define a threat model. In all the messages with this Subject, I've
only see one person even mention "threat model". Think about the
varying threat models, and the type of cryptography one would propose
to address them. Even the most common instance of encryption,
encrypted web forms for hiding credit card numbers, suffers from
addressing a limited threat model. There's a hell of a lot of known
plaintext there.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list