RE: [Cfrg] proposal for informational RFC

"David A. Mcgrew" <> Thu, 08 August 2002 19:40 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id PAA24431 for <>; Thu, 8 Aug 2002 15:40:41 -0400 (EDT)
Received: (from daemon@localhost) by (8.9.1a/8.9.1) id PAA26117 for; Thu, 8 Aug 2002 15:41:55 -0400 (EDT)
Received: from (localhost []) by (8.9.1a/8.9.1) with ESMTP id PAA26096; Thu, 8 Aug 2002 15:41:49 -0400 (EDT)
Received: from (odin []) by (8.9.1a/8.9.1) with ESMTP id PAA26073 for <>; Thu, 8 Aug 2002 15:41:48 -0400 (EDT)
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id PAA24408 for <>; Thu, 8 Aug 2002 15:40:33 -0400 (EDT)
Received: from ( []) by (8.12.2/8.12.2) with ESMTP id g78JfG6I017952; Thu, 8 Aug 2002 12:41:16 -0700 (PDT)
Received: from MCGREWW2K ( []) by (Mirapoint) with SMTP id ACE80218; Thu, 8 Aug 2002 12:32:57 -0700 (PDT)
From: "David A. Mcgrew" <>
To: "Catherine A. Meadows" <>, <>
Subject: RE: [Cfrg] proposal for informational RFC
Date: Thu, 8 Aug 2002 12:41:15 -0700
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: <>
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Crypto Forum Research Group <>
Content-Transfer-Encoding: 7bit


> -----Original Message-----
> From: []On Behalf Of
> Catherine A. Meadows
> Sent: Thursday, August 08, 2002 9:26 AM
> To:
> Cc:
> Subject: [Cfrg] proposal for informational RFC
> Hi everybody:
> I've been working with the IETF for a number of years, performing
> mechanized security analyses of various IETF protocols, including
> IKE and GDOI, and am presently engaged in an analysis of IKEv2.
> A while back, when I was starting work on the GDOI protocol, I gave
> an informal talk to the SMuG working group on what a security analyst
> would like to see in an Internet Draft, that is what information
> should be included to make a meaningful security analysis possible.

Yes, I remember the talk.  And for those who don't know, Cathy's mechanized
analysis made a real contribution to the security of GDOI, catching a subtle
flaw that was subsequently fixed.

> This was mainly intended to describe the type of information I need
> to perform the sort of mechanized protocol analysis that I and
> other formal methods people do, in which we assume that the
> basic cryptographic mechanisms behave as black boxes and look
> for higher-level attacks, but the requirements are general enough
> so that I think that they would apply to any kind of security
> analysis, including a cryptographic one.
> I've had some interest from various WGs in seeing the slides from this
> talk, and I've been passing them around on an informal basis.  But
> I've been intending to write this up in a more permament form, possibly
> as an informational RFC.  It has occurred to me that cfrg might be the
> most appropriate forum for this, especially since it would allow
> me to get feedback from others who have done security analyses of IETF
> protocols.

That sounds great.

> Anyway, let me know what you think.
> Would you be interested in seeing something like this?  Does cfrg look
> like an appropriate forum?

I think that the RFC that you describe would be a great contribution for


Cfrg mailing list