Independent This document defines an attack model and discusses threats based on the system design presented in [I-D.ietf-trans-rfc6962-bis]. It analyzes potential vulnerabilities associated with that design, and considers compromises of system elements and malicious behavior by such elements. It does not consider implementation vulnerabilities, including ones that might enable denial of service attacks against these elements.