---------- Forwarded message ----------
Date: Mon, 31 Dec 2001 22:32:41 -0500 (EST)
From: Russell Nelson
1. Cryptography does not fit human life styles easily. 2. Novel technologies take a long time to diffuse through society.
to which I would add:
3. Cryptography, and therefore PKI, is meaningless unless you first
define a threat model. In all the messages with this Subject, I've
only see one person even mention "threat model". Think about the
varying threat models, and the type of cryptography one would propose
to address them. Even the most common instance of encryption,
encrypted web forms for hiding credit card numbers, suffers from
addressing a limited threat model. There's a hell of a lot of known
plaintext there.
--
-russ nelson