!!! Overview
[{$pagename}] is described in [BCP 72] as a fairly well understood [Threat Model].In general, we assume that the end-systems engaging in a [protocol] exchange have not themselves been compromised.  Protecting against an attack when one of the end-systems has been compromised is extraordinarily difficult.  It is, however, possible to design [protocols] which minimize the extent of the damage done under these circumstances.

By contrast, we assume that the [attacker] has nearly __complete control__ of the [communications] [channel] over which the end-systems communicate.This means that the [attacker] can read any [Protocol Data Unit] ([PDU]) on the [network] and undetectably remove, change, or inject forged [packets] onto the wire.  This includes being able to generate [packets] that appear to be from a trusted machine.  Thus, even if the end-system with which you wish to communicate is itself secure, the [Internet] environment provides no assurance that [packets] which claim to be from that system in fact are.It's important to realize that the meaning of a [Protocol Data Unit] is different at  different levels.  At the [IP] level, a [PDU] means an [IP] [packet].  At the [TCP] level, it means a [TCP] [segment].  At the [Application Layer], [PDU] means some kind of [application] PDU.  For instance, at the level of [Email], it might either mean an [RFC 822] message or a single [SMTP] command.  At the [HTTP] level, it might mean a [request] or [response].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]