[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Cfrg] proposal for informational RFC

To: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>, <cfrg@ietf.org>
Subject: RE: [Cfrg] proposal for informational RFC
From: "David A. Mcgrew" <mcgrew@cisco.com>
Date: Thu, 8 Aug 2002 12:41:15 -0700
Importance: Normal
In-Reply-To: <200208081626.MAA16025@liverwurst.fw5540.net>
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
Sender: cfrg-admin@ietf.org

Cathy,

> -----Original Message-----
> From: cfrg-admin@ietf.org [mailto:cfrg-admin@ietf.org]On Behalf Of
> Catherine A. Meadows
> Sent: Thursday, August 08, 2002 9:26 AM
> To: cfrg@ietf.org
> Cc: meadows@itd.nrl.navy.mil
> Subject: [Cfrg] proposal for informational RFC
>
>
> Hi everybody:
>
> I've been working with the IETF for a number of years, performing
> mechanized security analyses of various IETF protocols, including
> IKE and GDOI, and am presently engaged in an analysis of IKEv2.
> A while back, when I was starting work on the GDOI protocol, I gave
> an informal talk to the SMuG working group on what a security analyst
> would like to see in an Internet Draft, that is what information
> should be included to make a meaningful security analysis possible.

Yes, I remember the talk.  And for those who don't know, Cathy's mechanized
analysis made a real contribution to the security of GDOI, catching a subtle
flaw that was subsequently fixed.

> This was mainly intended to describe the type of information I need
> to perform the sort of mechanized protocol analysis that I and
> other formal methods people do, in which we assume that the
> basic cryptographic mechanisms behave as black boxes and look
> for higher-level attacks, but the requirements are general enough
> so that I think that they would apply to any kind of security
> analysis, including a cryptographic one.
>
> I've had some interest from various WGs in seeing the slides from this
> talk, and I've been passing them around on an informal basis.  But
> I've been intending to write this up in a more permament form, possibly
> as an informational RFC.  It has occurred to me that cfrg might be the
> most appropriate forum for this, especially since it would allow
> me to get feedback from others who have done security analyses of IETF
> protocols.

That sounds great.

>
> Anyway, let me know what you think.
> Would you be interested in seeing something like this?  Does cfrg look
> like an appropriate forum?

I think that the RFC that you describe would be a great contribution for
CFRG.

David


_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

References:
- [Cfrg] proposal for informational RFC
  - From: Catherine A. Meadows

Prev by Date: Re: [Cfrg] proposal for informational RFC
Next by Date: Re: [Cfrg] proposal for informational RFC
Previous by thread: Re: [Cfrg] proposal for informational RFC
Next by thread: Re: [Cfrg] proposal for informational RFC
Index(es):
- Date
- Thread