9.1 Threat Model Overview
"What attacks are eliminated — and why"
PTERI does not attempt to defend against every theoretical attack.
It eliminates entire classes of real-world attacks by removing their prerequisites.
PTERI assumes:
- Networks are hostile
- Servers may be compromised
- Credentials will leak
- Automation will be abused
- Attackers are persistent
PTERI does not assume:
- Trusted servers
- Secret storage safety
- Honest intermediaries
- Manual review as a defense
Instead, PTERI relies on:
- Cryptographic proof
- Deterministic verification
- Minimal trust surfaces
