More to the point, KPA,CPA, etc are very important, and systems should be definitely tested against them, but in real attacks, they may not be available