What’s Your Threat Model

As many have decried in recent threads, it all comes down the WYTM – What’s Your Threat Model.

It’s hard to come up with anything more important in crypto. It’s the starting point for … everything


First, it’s assumed that the actual end systems that the protocol is being executed on are secure [and] we assume that the attacker has more or less complete control of the communications channel between any two machines.

Ladies and Gentlemen, there you have it. The Internet Threat Model (ITM), in a nutshell, or, two nutshells, if we are using those earlier two sentance models.

It’s a strong model: the end nodes are secure and the middle is not. It’s clean, it’s simple, and we just happen to have a solution for it.

Problem is, it’s also wrong. The end systems are not secure, and the comms in the middle is actually remarkably safe.

Ian Grigg (10 years ago) via Programming is Terrible

Published by Tom Insam

programming / london / san francisco / bacon

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s