Ian G <[email protected]> writes: It is not a new observation that the original threat modelling had flaws you could drive a truck through :)
You forgot to mention what the SSL/browser PKI threat model actually is, as first pointed out by some guy called Grigg: SSL/browser PKI is defined to be the solution. The threat is defined to be whatever the solution addresses. (I've termed it "The Inside-Out Threat Model". Unfortunately quite common in computer security). Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
