On Mon, Sep 12, 2011 at 9:15 AM, M.R. <makro...@gmail.com> wrote: > In these long and extensive discussions about "fixing PKI" there > seems to be a fair degree of agreement that one of the reasons > for the current difficulties is the fact that there was no precisely > defined threat model, documented and agreed upon ~before~ the > "SSL system" was designed and deployed.
We know what the threat model should have been. That ought to be enough to figure out what to do, but evidently it's not. Besides the difficulty in getting agreement on what to do, it's also difficult to agree on what constraints we face. I agree that lots of very long posts here aren't necessarily helpful (tl;dr). There's too many points of view and no synthesis. It might be useful to have someone (volunteer, of course) summarize all of these very long posts so that they might be more accessible to those of us who have other draws on our time. Better yet: use restraint before posting! Don't retread; assume reader familiarity; include references where possible; be concise (even if not precise; precision can come later). Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
