CFP: PKI research workshop

lynn.wheeler at firstdata.com
Fri Jan 4 12:47:36 EST 2002


one of the largest financial networks ...  slightly different kind
http://www.garlic.com/~lynn/2001n.html#22


again financial ... discussion of additional kinds of risks/threats

Sound Practices for the Management and Supervision of Operational Risk
http://www.bis.org/publ/bcbs86.htm

Intro ...

The purpose of this paper, prepared by the Risk Management Group of the
Basel Committee on Banking Supervision (the Committee), is to further
the Committee's dialogue with the industry on the development of Sound
Practices for the Management and Supervision of Operational
Risk. Comments on the issues outlined in this paper would be welcome,
and should be submitted to relevant national supervisory authorities
and central banks and may also be sent to the Secretariat of the Basel
Committee on Banking Supervision at the Bank for International
Settlements, CH-4002 Basel, Switzerland by 31 March 2002. Comments may
be submitted via e-mail: BCBS.capital at bis.org or by fax: + 41 61 280
9100. Comments on this paper will not be posted on the BIS website.






<nelson at crynmw.com> on 12/31/2001 8:32 pm wrote:


to which I would add:

3. Cryptography, and therefore PKI, is meaningless unless you first
define a threat model.  In all the messages with this Subject, I've
only seen one person even mention "threat model".  Think about the
varying threat models, and the type of cryptography one would propose
to address them.  Even the most common instance of encryption,
encrypted web forms for hiding credit card numbers, suffers from
addressing a limited threat model.  There's a hell of a lot of known
plaintext there.






