Re: CFP: PKI research workshop (fwd)

---------- Forwarded message ---------- Date: Mon, 31 Dec 2001 22:32:41 -0500 (EST) From: Russell Nelson To: cryptography@wasabisystems.com Subject: Re: CFP: PKI research workshop Andrew Odlyzko writes:

1. Cryptography does not fit human life styles easily. 2. Novel technologies take a long time to diffuse through society.

to which I would add: 3. Cryptography, and therefore PKI, is meaningless unless you first define a threat model. In all the messages with this Subject, I've only see one person even mention "threat model". Think about the varying threat models, and the type of cryptography one would propose to address them. Even the most common instance of encryption, encrypted web forms for hiding credit card numbers, suffers from addressing a limited threat model. There's a hell of a lot of known plaintext there. -- -russ nelson http://russnelson.com Crynwr sells support for free software | PGPok | If you argue with someone 521 Pleasant Valley Rd. | +1 315 268 1925 voice | who is not rational, he will Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | always win, in his own mind. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com