one of the largest financial networks ... slightly different kind http://www.garlic.com/~lynn/2001n.html#22
again financial ... discussion of additional kinds of risks/threats

Sound Practices for the Management and Supervision of Operational Risk
http://www.bis.org/publ/bcbs86.htm

Intro ...

The purpose of this paper, prepared by the Risk Management Group of the Basel Committee on Banking Supervision (the Committee), is to further the Committee's dialogue with the industry on the development of Sound Practices for the Management and Supervision of Operational Risk. Comments on the issues outlined in this paper would be welcome, and should be submitted to relevant national supervisory authorities and central banks and may also be sent to the Secretariat of the Basel Committee on Banking Supervision at the Bank for International Settlements, CH-4002 Basel, Switzerland by 31 March 2002. Comments may be submitted via e-mail: [EMAIL PROTECTED] or by fax: + 41 61 280 9100. Comments on this paper will not be posted on the BIS website.

<[EMAIL PROTECTED]> on 12/31/2001 8:32 pm wrote:

to which I would add:

3. Cryptography, and therefore PKI, is meaningless unless you first define a threat model. In all the messages with this Subject, I've only seen one person even mention "threat model". Think about the varying threat models, and the type of cryptography one would propose to address them. Even the most common instance of encryption, encrypted web forms for hiding credit card numbers, suffers from addressing a limited threat model. There's a hell of a lot of known plaintext there.
