nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqq2u2afqm22e4k9kt4rxvl205pks6zmxuwq5dkuzgc6g8rp3x6cqqn9x9w4 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq5zducn0qs573hhreraem60awk3dpfc8...
@nprofile1q...
@nprofile1q... @nprofile1q... @nprofile1q... and why would bittorrent not have threat model? Certainly, I'd expect that a safety critical app using it as a transport layer would need to take the time to figure what threat model it de facto implemented and make sure that was suitable for how they were using it. That's much more expensive than doing it the other way around, though, and leads to dangerous cases where the upstream does not know what security properties of their system downstream users are depending on them, leading to nasty and hard to fix vulnerabilities when they're broken without notice. Which is why folks building systems where security matters usually build on tools with a proper security engineering foundation.
@nprofile1q... @nprofile1q... @nprofile1q... and why would bittorrent not have threat model? Certainly, I'd expect that a safety critical app using it as a transport layer would need to take the time to figure what threat model it de facto implemented and make sure that was suitable for how they were using it. That's much more expensive than doing it the other way around, though, and leads to dangerous cases where the upstream does not know what security properties of their system downstream users are depending on them, leading to nasty and hard to fix vulnerabilities when they're broken without notice. Which is why folks building systems where security matters usually build on tools with a proper security engineering foundation.