-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a sensitive information threat model #12
Conversation
2eba6d2
to
b2f3367
Compare
b2f3367
to
c4c99d3
Compare
c4c99d3
to
542cfcc
Compare
af69f64
to
e010f53
Compare
Should the definitions of restricted/not restricted explain in more detail what that means and why they're restricted? Possible text:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should the definitions of restricted/not restricted explain in more detail what that means and why they're restricted?
Great text; I've taken it.
Looks good to me; great that we've marked some of the open issues so that it'll be clear the ongoing work we'll need on this kind of threat. |
Does this look like a reasonable way to express the threat model for sensitive information? Attackers don't seem to have varying capabilities for this high-level threat, and their only goal is to get the piece of information. I think the variance and disagreement between user agents comes in the choice of how to infer user intent and the choice of what information is sensitive.
Preview | Diff