RE: [Cfrg] proposal for informational RFC

"David A. Mcgrew" <mcgrew@cisco.com> Thu, 08 August 2002 19:40 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA24431 for <cfrg-archive@odin.ietf.org>; Thu, 8 Aug 2002 15:40:41 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA26117 for cfrg-archive@odin.ietf.org; Thu, 8 Aug 2002 15:41:55 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA26096; Thu, 8 Aug 2002 15:41:49 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA26073 for <cfrg@optimus.ietf.org>; Thu, 8 Aug 2002 15:41:48 -0400 (EDT)
Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.54]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA24408 for <cfrg@ietf.org>; Thu, 8 Aug 2002 15:40:33 -0400 (EDT)
Received: from mira-sjcm-1.cisco.com (IDENT:mirapoint@mira-sjcm-1.cisco.com [171.69.24.13]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g78JfG6I017952; Thu, 8 Aug 2002 12:41:16 -0700 (PDT)
Received: from MCGREWW2K (stealth-10-34-251-98.cisco.com [10.34.251.98]) by mira-sjcm-1.cisco.com (Mirapoint) with SMTP id ACE80218; Thu, 8 Aug 2002 12:32:57 -0700 (PDT)
From: "David A. Mcgrew" <mcgrew@cisco.com>
To: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>, <cfrg@ietf.org>
Subject: RE: [Cfrg] proposal for informational RFC
Date: Thu, 8 Aug 2002 12:41:15 -0700
Message-ID: <FPELKLHKCBJLMMMNOGDFEEJLDMAA.mcgrew@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: <200208081626.MAA16025@liverwurst.fw5540.net>
Content-Transfer-Encoding: 7bit
Sender: cfrg-admin@ietf.org
Errors-To: cfrg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
X-BeenThere: cfrg@ietf.org
Content-Transfer-Encoding: 7bit

Cathy,

> -----Original Message-----
> From: cfrg-admin@ietf.org [mailto:cfrg-admin@ietf.org]On Behalf Of
> Catherine A. Meadows
> Sent: Thursday, August 08, 2002 9:26 AM
> To: cfrg@ietf.org
> Cc: meadows@itd.nrl.navy.mil
> Subject: [Cfrg] proposal for informational RFC
>
>
> Hi everybody:
>
> I've been working with the IETF for a number of years, performing
> mechanized security analyses of various IETF protocols, including
> IKE and GDOI, and am presently engaged in an analysis of IKEv2.
> A while back, when I was starting work on the GDOI protocol, I gave
> an informal talk to the SMuG working group on what a security analyst
> would like to see in an Internet Draft, that is what information
> should be included to make a meaningful security analysis possible.

Yes, I remember the talk.  And for those who don't know, Cathy's mechanized
analysis made a real contribution to the security of GDOI, catching a subtle
flaw that was subsequently fixed.

> This was mainly intended to describe the type of information I need
> to perform the sort of mechanized protocol analysis that I and
> other formal methods people do, in which we assume that the
> basic cryptographic mechanisms behave as black boxes and look
> for higher-level attacks, but the requirements are general enough
> so that I think that they would apply to any kind of security
> analysis, including a cryptographic one.
>
> I've had some interest from various WGs in seeing the slides from this
> talk, and I've been passing them around on an informal basis.  But
> I've been intending to write this up in a more permament form, possibly
> as an informational RFC.  It has occurred to me that cfrg might be the
> most appropriate forum for this, especially since it would allow
> me to get feedback from others who have done security analyses of IETF
> protocols.

That sounds great.

>
> Anyway, let me know what you think.
> Would you be interested in seeing something like this?  Does cfrg look
> like an appropriate forum?

I think that the RFC that you describe would be a great contribution for
CFRG.

David


_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg