anonymous DH & MITM

Arnold G. Reinhold reinhold at world.std.com
Fri Oct 3 14:21:44 EDT 2003


At 11:50 PM -0400 10/1/03, Ian Grigg wrote:
>...
>A threat must occur sufficiently in real use, and incur
>sufficient costs in excess of protecting against it, in
>order to be included in the threat model on its merits.
>

I think that is an excellent summation of the history-based approach 
to threat modeling. There is another approach, however, 
capability-based threat modeling. What attacks will adversaries whom 
I reasonably expect to encounter mount once the system I am 
developing is deployed? Military planners call this the "responsive 
threat."  There are many famous failures of history-based threat 
modeling: tanks vs. cavalry, bombers vs. battleships, vacuum tubes 
vs. electromechanical cipher machines, box cutters vs skyscrapers, 
etc.

In the world of the Internet the time available to put in place 
counteract new threats once they are publicized appears to be 
shrinking rapidly. And we are only seeing one class of adversaries: 
the informal network of hackers. For the most part, they have not 
tried to maximize the damage they cause. There is another class, 
hostile governments and terrorists, who have so far not shown their 
hands but are presumably following developments closely.  I don't 
think we can restrict ourselves to threats already proven in the wild.

Then there is the matter of costs and who pays them. Industry is 
often willing to absorb small costs, or, better, fob them off onto 
consumers. Moderate costs can be insured against or written off as 
"extraordinary expenses." Stockholders are shielded from the full 
impact of catastrophic costs by the bankruptcy laws and can sometimes 
even get governments to subsidize such losses.

Perhaps guilds are the right model for cryptography. At their best, 
guilds preserve knowledge and uphold standards that would otherwise 
be ignored by market forces. Anyone out there willing to have open 
heart surgery performed by someone other than a member of the 
surgeon's guild?


Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list