Threat Model

[decanus]

Currently there is no threat model attached to our protocol, this is an important aspect of building secure protocols however.

Acceptance Criteria

• All specs have a threat model.
• The threat model RFC is completed to mirror our template.

[corpetty]

propose to have a work session around the RFC. Desired outcomes will be:

• detailed understanding of the work that needs to be done to have a completed RFC
• who is going to own that
• expected timeline to finish it

[oskarth]

What's the state of this issue? The goal was to have something timeboxed that could be done in April.

[oskarth]

This doesn't seem to be happening, especially last month. If it is deprioritized, let's be explicit and close it with a note.

@corpetty @decanus

[oskarth]

Yeah this never happened. In the future, please be explicit about deprio in issue so we can be honest with ourselves.