Russell Nelson <[EMAIL PROTECTED]> writes:
> The union of the two sets of "cryptography users" and "paranoid
> people" is necessarily non-empty. Who would bother to use
> cryptography sans a threat model? And if you've got a non-empty
> threat model, then by definition you're paranoid.
I think it's really about degree. I don't agree that having a
non-empty threat model implies you a paranoid.
You could have a threat model of "I don't want my sister or parents to
read this" which is very different than "I don't want the NSA or KGB
to read this". I would certainly call both of these statements a
"non-empty threat model". I would certainly call the latter threat
model "paranoid"; I would NOT call the former threat model paranoid --
I would call it a "normal teenager" :)
-derek
--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED] www.ihtfp.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
