Ralph Holz <[email protected]> writes: >As an addendum to my last mail, I would like to add that TLS itself does not >have a threat model.
Very few crypto/security standards do. DNSSEC has one, but that was tacked on well after the RFCs were written. The other way of looking at it is that crypto/security standards all (well, almost all) have the same threat model, which I refer to in my book as the Inside-Out Threat Model: Whatever this standard happens to defend against is defined to be the threat. Peter. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
