As many have decried in recent threads, it all comes down to WYTM – What’s Your Threat Model.
It’s hard to come up with anything more important in crypto. It’s the starting point for … everything.
First, it’s assumed that the actual end systems that the protocol is being executed on are secure [and] we assume that the attacker has more or less complete control of the communications channel between any two machines.
Ladies and Gentlemen, there you have it. The Internet Threat Model (ITM), in a nutshell, or, two nutshells, if we are using those earlier two sentences as models.
It’s a strong model: the end nodes are secure and the middle is not. It’s clean, it’s simple, and we just happen to have a solution for it.
Problem is, it’s also wrong. The end systems are not secure, and the communications in the middle are actually remarkably safe.