Well it may not be the MITM attack but the noise of other things that mean nothing from a threat standpoint that finally destroys us. Wasting resources on a predetermined threat seems like selling sun block in Alaska, good for six months out of the year, maybe less.
The failures are in assumptions that ordain a threat that has not been exposed. So what is the exposed threat? The answer to that question is the million dollar answer, of course.
Whatever it is, it has to be hyped properly, leveraged, and branded, then the value could be in the billions. This sounds like a Microsoft business group already, maybe I can sell stock on the inflated concept.
The threat model is the real threat.
Posted by Jimbo at August 4, 2004 07:39 AM> The threat model is the real threat.
I love it! Yes, indeed, there is a germ of painful truth in that. The cold hard fact of it is that starting with a threat model raises the question of who chose those threats.
Threats should either be mandated by the customer - he who pays for the system - or they should be validated in an economic risk model. If neither is done, we are asking ourselves to pick and choose from among a grab bag of sexy and boring stuff.
As the technical world is often separated from reality, by many handshakes and degrees, it's no surprise that if we pick our own threats, we get it wrong.
Posted by Iang at August 4, 2004 07:51 AMRight on track, here's the news from the US:
http://news.com.com/FBI+wants+to+eavesdrop+on+fiber+links/2100-7347_3-5295560.html?tag=nefd.top