[Cryptography] What is a secure conversation? (Was: online forums...)
Jerry Leichter
leichter at lrw.com
Fri Dec 27 14:37:16 EST 2013
On Dec 27, 2013, at 2:12 PM, Theodore Ts'o <tytso at mit.edu> wrote:
>> WYTM? Then the next step is we list out *all the threats we can
>> think of* ... without prejudice.
>>
>> Later on we do some risk analysis and decide which are serious or not.
>
> I think we should do both steps at the same time....
You're both right. :-)
It's great in theory to list every possible attack and analyze risks later, but then you're going to fill the list with things like "the attacker figures out how to infiltrate the brain of the reader and plant a virus that weeks later makes him go insane and kill everyone around him".
On the other hand, you don't want to narrow things too quickly. While I posed the question concerning this particular list, I was using it as an example. There are other public or semi-public lists where discussion may have some higher probability of influencing important decisions or actions, and where some kinds of manipulation might actually have a payoff to the attacker. Discussion of investments are probably a good example - they are a prime target for a variety of fraudsters.
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131227/a3a0ce47/attachment.bin>
More information about the cryptography
mailing list