Skip to content

Commit 5a4314f

Browse files
llpetersonllpeterson
committed
small edits
1 parent 67d752a commit 5a4314f

File tree

2 files changed

+11
-11
lines changed

2 files changed

+11
-11
lines changed

intro.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -266,14 +266,14 @@ behave. For example, if you plan to transmit messages over Wi-Fi on an
266266
open campus, you would likely identify an eavesdropper that can
267267
intercept messages as a threat (and adopt some of the methods
268268
discussed in this book as a countermeasure). But if you are planning
269-
to transmit messages over a fiber link between two machines in a
269+
to transmit messages over a fiber link between two servers in a
270270
locked machine room, you might trust that channel is secure, and so
271271
take no additional steps. Every system makes trust assumptions. The
272272
key is to be as explicit as possible about those assumptions, because
273273
they may change over time.
274274

275275
Taking this thought process a step further, trust assumptions aren't
276-
always as clear-cut as this strawman suggests. For example, most of us
276+
always as clear-cut as our strawman suggests. For example, most of us
277277
implicitly trust that the computer we just bought from a reputable
278278
vendor does not forward our data to an adversary, but for some use
279279
cases, the hardware supply chain is a consideration. Buying time on

principles.rst

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -78,15 +78,15 @@ to mitigate such attacks.
7878

7979
.. sidebar:: Picking Your Battles
8080

81-
*In Chapter 1 we talked about trust and threats being two sides of the
82-
same coin, but another way to frame the discussion is that every secure
83-
system design starts with two lists: (1) those elements you trust,
84-
and so can build upon; and (2) those elements you do not trust, and
85-
so must treat as a threat that you defend against. But this is no
86-
different than for any system you build: you first identify the
87-
building blocks you plan to take as a given, and then you design a
88-
solution that fills the "gap" between those building blocks and the
89-
requirements you are trying to meet.*
81+
*In Chapter 1 we talked about trust and threats being two sides of
82+
the same coin, but another way to frame the discussion is that
83+
every secure system design starts with two lists: (1) those elements
84+
you trust, and so can build upon; and (2) those elements you do not
85+
trust, and so must treat as a source of threats that you defend
86+
against. But this is no different than for any system you build:
87+
you first identify the building blocks you plan to take as a given,
88+
and then you design a solution that fills the "gap" between those
89+
building blocks and the requirements you are trying to meet.*
9090

9191
*One way in which security is unique is that over time you may
9292
discover that you need to move items from the first list to the

0 commit comments

Comments
 (0)