It's a bit shorter and focused for people interested in privacy.
by raychis
2 subcomments
Really enjoyed this framing of threat modelling as a way to make assumptions explicit and not just a compliance checklist. It was also quite amusing and sassy. Well done to the author, great piece!
The point that secure is meaningless without defining the adversary and assets is especially important.
One thing it doesn't tackle that I would like to know more about is how do teams keep these assumptions and threat models current as the system and its environment evolve? I think that is a massive challenge.
by mapontosevenths
2 subcomments
This is the best gay furry blog post about threat modeling I've seen all day!
by ezst
3 subcomments
Maybe I shouldn't, but I stopped taking the author seriously for their lack of nuance/extremely biased views favouring Signal in every article about E2EE applied to IM. But I do agree that threat modeling is just a support to formalize and document the variables in the threat equation. It doesn't say anything about whether the threat is reasonable, legitimate and grounded in reality, so it's only knocking the subjectivity can a tad down the road.
by teravor
3 subcomments
> Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.
there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity) or because the entire field was a scam. in that scenario abandoning ECC would have been pretty stupid.
by evanprodromou
0 subcomment
Wow, excellent guide! And I love the E2EE example.