[Cfrg] proposal for informational RFC
Hi everybody:
I've been working with the IETF for a number of years, performing
mechanized security analyses of various IETF protocols, including
IKE and GDOI, and am presently engaged in an analysis of IKEv2.
A while back, when I was starting work on the GDOI protocol, I gave
an informal talk to the SMuG working group on what a security analyst
would like to see in an Internet Draft, that is, what information
should be included to make a meaningful security analysis possible.
This was mainly intended to describe the type of information I need
to perform the sort of mechanized protocol analysis that I and
other formal methods people do, in which we assume that the
basic cryptographic mechanisms behave as black boxes and look
for higher-level attacks, but the requirements are general enough
so that I think that they would apply to any kind of security
analysis, including a cryptographic one.
I've had some interest from various WGs in seeing the slides from this
talk, and I've been passing them around on an informal basis. But
I've been intending to write this up in a more permanent form, possibly
as an informational RFC. It has occurred to me that cfrg might be the
most appropriate forum for this, especially since it would allow
me to get feedback from others who have done security analyses of IETF
protocols.
Anyway, let me know what you think.
Would you be interested in seeing something like this? Does cfrg look
like an appropriate forum?
Cathy
_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg