CFP: PKI research workshop

Derek Atkins warlord at MIT.EDU
Wed Jan 2 09:37:48 EST 2002


Lynn,

I think you should specify "confidentiality" as another issue to be
addressed.  Perhaps you include confidentiality in your "privacy" or
"security" subsections, but I've found that many people think (and
mean) different things when they use these two terms.  For example, is
privacy necessarily privacy of communicated data from eavesdroppers,
or is it the privacy of personal information (perhaps the privacy of
the authentication information) so an eavesdropper does not know who
is communicating?

Unfortunately your garlic.com URL (security.htm) does not work and
returns an HTTP 404 error.

-derek

lynn.wheeler at firstdata.com writes:

> sometimes the "principles" of security are referred to as PAIN or sometimes
> PAIIN
> 
> see
> http://www.garlic.com/~lynn/security.htm
> 
> and click on PAIN & PAIIN in the acronym section of the glossary.
> 
> Doing a threat model ... would include not only end-to-end issues .... but
> what aspects of PAIIN are being addressed.
> privacy, authentication, identification, integrity, non-repudiation (PAIIN)
> (see also authentication, identification, integrity, non-repudiation,
> privacy, security)
> 
> an aspect of security can be integrity and an aspect of integrity can be
> dependability .... leading to things like:
> http://www.hdcc.cs.cmu.edu/may01/index.html
> 
> which is then related back to my posting on sunday (with regard to
> integrity)
> http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop
>
> nelson at crynwr.com on 12/31/2001 8:32 pm wrote:
> 
> 
> to which I would add:
> 
> 3. Cryptography, and therefore PKI, is meaningless unless you first
> define a threat model.  In all the messages with this Subject, I've
> only seen one person even mention "threat model".  Think about the
> varying threat models, and the type of cryptography one would propose
> to address them.  Even the most common instance of encryption,
> encrypted web forms for hiding credit card numbers, suffers from
> addressing a limited threat model.  There's a hell of a lot of known
> plaintext there.
> 
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


