Announcing httpsy://, a YURL scheme

Ed Gerck egerck at
Mon Jul 14 16:08:55 EDT 2003

Ian Grigg wrote:

> Ed Gerck wrote:
> > Not that I believe CAs are essential (I don't, for reasons already presented in '97),
> > but unless the issues of spoofing, MITM and revocation are adequately handled
> > according to a threat model that is useful, communication cannot be considered
> > secure.
> Well.  I worry that your criticism rides on a circular
> assumption.
> To unwind, it is a statement of definition that if the
> threat model is not covered, then the communications
> are insecure.  If the threat model *is* met, then the
> communications are secure.
> So the question devolves to "what is the threat model?"

To unwind my phrase above, IMO the threat model should adequately handle the
issues of spoofing, MITM and revocation in order to be useful. Otherwise,
communication cannot be considered secure.

As a counter-example, using an empty threat model does not qualify
for "secure" even though any implementation would meet an empty threat
model. Not including a recourse against probable attacks such as spoofing,
MITM and key compromise (revocation) is IMO actually insecure.

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list