> 7. Risks to typical Mozilla users should be assessed in accordance with > a documented threat model based on the activities in which those users > might tpically engage, e.g., online shopping and banking, using other > access-controlled web sites and services, submitting personal > information to companies and government agencies, exchanging personal > email with others, downloading and installing new software on their > personal systems, and comparable activities. > > Rationale: Risk analysis doesn't make sense in the absence of an > agreed-upon threat model, and that threat model should be based on what > users are actually doing in practice.
This points out the difficulty of correctly analysing the threat model that is appropriate. Consider American credit card holders, versus non-Americans holding credit cards, as discussed recently here.
Outside USA, most countries have laws on the books that put the banks in charge of fraudulent credit card transactions. Not so in America, it seems.
So, a typical "world user" is covered - without risk - when using a browser to purchase goods (however they do it). Whereas a US user might face a risk of quite severe proportions (again, however they use the card).
Which risk is a security modeller to pick? It's very tricky. For this reason, I'd say that trying to document a threat model might be harder than we think, as it may very well result in a different model depending on what country we are talking about.
Which means that every criticism could be equally valid, and not valid at the same time. I often criticise the threat model used by SSL's original designers for including the MITM, without validating it; but, in the light of potentially huge credit card risks by US designers, it might be that it made more sense to them to go over the top in worrying about something they couldn't measure.
I suppose the thing here is to try to create a threat model and see how far we get. Interesting task!
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
