RE: [Cfrg] proposal for informational RFC

[Ran Canetti <canetti@watson.ibm.com>]

Great idea!

I guess the first step would be an I-D...

Ran

> 
> Hi everybody:
> 
> I've been working with the IETF for a number of years, performing
> mechanized security analyses of various IETF protocols, including
> IKE and GDOI, and am presently engaged in an analysis of IKEv2.
> A while back, when I was starting work on the GDOI protocol, I gave
> an informal talk to the SMuG working group on what a security analyst
> would like to see in an Internet Draft, that is what information
> should be included to make a meaningful security analysis possible.
> This was mainly intended to describe the type of information I need
> to perform the sort of mechanized protocol analysis that I and
> other formal methods people do, in which we assume that the
> basic cryptographic mechanisms behave as black boxes and look
> for higher-level attacks, but the requirements are general enough
> so that I think that they would apply to any kind of security
> analysis, including a cryptographic one.
> 
> I've had some interest from various WGs in seeing the slides from this
> talk, and I've been passing them around on an informal basis.  But
> I've been intending to write this up in a more permament form, possibly
> as an informational RFC.  It has occurred to me that cfrg might be the
> most appropriate forum for this, especially since it would allow
> me to get feedback from others who have done security analyses of IETF
> protocols.
> 
> Anyway, let me know what you think.
> Would you be interested in seeing something like this?  Does cfrg look
> like an appropriate forum?
> 
> Cathy




_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg