sometimes the "principles" of security are referred to as PAIN or sometims PAIIN
see http://www.garlic.com/~lynn/security.htm and click on PAIN & PAIIN in the acronym section of the glossary. Doing a threat model ... would include not only end-to-end issues .... but what aspects of PAIIN are being addressed. privacy, authentication, identification, integrity, non-repudiation (PAIIN) (see also authentication, identification, integrity, non-repudiation, privacy, security) an aspect of security can be integrity and and aspect of integrity can be dependability .... leading to things like: http://www.hdcc.cs.cmu.edu/may01/index.html which is then related back to my posting on sunday (with regard to integrity) http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop [EMAIL PROTECTED] on 12/31/2001 8:32 pm wrote: to which I would add: 3. Cryptography, and therefore PKI, is meaningless unless you first define a threat model. In all the messages with this Subject, I've only see one person even mention "threat model". Think about the varying threat models, and the type of cryptography one would propose to address them. Even the most common instance of encryption, encrypted web forms for hiding credit card numbers, suffers from addressing a limited threat model. There's a hell of a lot of known plaintext there. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]