[Cryptography] Hiding parties identities
Ralf Senderek
crypto at senderek.ie
Fri Oct 30 05:08:44 EDT 2015
Peter Gutmann asked:
>> So the question really is: What's your threat model?
Christian Huitema answered:
> RFC 7624 is a good start for that.
While this RFC nicely summarizes the various post-Snowden threats and
categorizes them using clear terminology, it really does not address
the endpoint issues and consequently does not reveal a complete
threat model.
It is interesting that there is another document trying to give
"answers", that are omitted in RFC 7624 deliberately. This document
focuses on mitigations to the problems listed in RFC 7624.
https://tools.ietf.org/html/draft-iab-privsec-confidentiality-mitigations-03
As expected, these mitigations fall short of considering the role of
endpoint devices as "unwittingly collaborators".
--ralf
More information about the cryptography
mailing list