You are of course correct that in the general case for threat models above a risk threshold, one cannot trust hardware. But that is not the argument under discussion. The argument being made is that it doesn't matter if the ME is a big fat target, because (f'instance) your NIC could also be a big fat target we just don't know about.
That is the argument I am asserting is dumb. And it is obviously dumb; in adversarial contests, you don't leave weaknesses exposed just because you might have other weaknesses[1]. It also ignores the presence of differential threats; I may not care about hypothetical compromised NICs because my use case my not require a network, but need anti-evil-maid defenses.
Bottom line: in the context of discussing whether or not the ME is dangerous in the general case, other potential hardware threats are irrelevant, and I believe the argument is one used to intentionally muddy the waters.
[1] Putting aside deeper strategies; I'm not going to argue about game theory here.
That is the argument I am asserting is dumb. And it is obviously dumb; in adversarial contests, you don't leave weaknesses exposed just because you might have other weaknesses[1]. It also ignores the presence of differential threats; I may not care about hypothetical compromised NICs because my use case my not require a network, but need anti-evil-maid defenses.
Bottom line: in the context of discussing whether or not the ME is dangerous in the general case, other potential hardware threats are irrelevant, and I believe the argument is one used to intentionally muddy the waters.
[1] Putting aside deeper strategies; I'm not going to argue about game theory here.