IETF Logo Mail Archive

Re: [irtf-discuss] [115attendees] Usable formal methods side meeting at IETF 115

Sampo Syreeni <decoy@iki.fi> Mon, 05 December 2022 04:18 UTC

Return-Path: <decoy@iki.fi>
X-Original-To: irtf-discuss@ietfa.amsl.com
Delivered-To: irtf-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93BBCC14CF15; Sun, 4 Dec 2022 20:18:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.119
X-Spam-Level:
X-Spam-Status: No, score=-1.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBOG4Pn9pT5G; Sun, 4 Dec 2022 20:18:18 -0800 (PST)
Received: from mail.kapsi.fi (mail.kapsi.fi [IPv6:2001:67c:1be8::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2897C14CE23; Sun, 4 Dec 2022 20:18:16 -0800 (PST)
Received: from kapsi.fi ([2001:67c:1be8::11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <decoy@iki.fi>) id 1p22vi-0045fA-AR; Mon, 05 Dec 2022 06:18:10 +0200
Received: from decoy (helo=localhost) by lakka.kapsi.fi with local-esmtp (Exim 4.94.2) (envelope-from <decoy@iki.fi>) id 1p22vh-008Z2g-VB; Mon, 05 Dec 2022 06:18:09 +0200
Date: Mon, 05 Dec 2022 06:18:09 +0200
From: Sampo Syreeni <decoy@iki.fi>
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>
cc: Buday Gergely <buday.gergely.istvan=40uni-mate.hu@dmarc.ietf.org>, Colin Perkins <csp@csperkins.org>, irtf-discuss@irtf.org, 115attendees@ietf.org
In-Reply-To: <CACykbs3VQ6SYwzXxG50TheX2qEwsGGZCyDs8CgqiPFyPCNYeQA@mail.gmail.com>
Message-ID: <52331f26-3a3-7857-4b3b-e5e7e2a99b34@lakka.kapsi.fi>
References: <C91D3863-37D3-4E09-B1F9-588C316240CD@csperkins.org> <281e560d-0b89-53a5-de75-bfe68004917c@uni-mate.hu> <f03ea379-b15f-81b-76fa-f893a57f527@lakka.kapsi.fi> <439e42fe-0070-bcd8-602d-33f750224a44@uni-mate.hu> <CACykbs3VQ6SYwzXxG50TheX2qEwsGGZCyDs8CgqiPFyPCNYeQA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
X-Rspam-Score: -1.6 (-)
X-Rspam-Report: Action: no action Symbol: ARC_NA(0.00) Symbol: BAYES_HAM(-3.00) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: FREEMAIL_ENVRCPT(0.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: TAGGED_RCPT(0.00) Symbol: MIME_GOOD(-0.10) Symbol: DMARC_NA(0.00) Symbol: TO_DN_SOME(0.00) Symbol: RCPT_COUNT_FIVE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: NEURAL_HAM(-0.00) Symbol: FREEMAIL_TO(0.00) Symbol: FROM_EQ_ENVFROM(0.00) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: RCVD_COUNT_TWO(0.00) Symbol: SUSPICIOUS_RECIPS(1.50) Message-ID: 52331f26-3a3-7857-4b3b-e5e7e2a99b34@lakka.kapsi.fi
X-SA-Exim-Connect-IP: 2001:67c:1be8::11
X-SA-Exim-Mail-From: decoy@iki.fi
X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/irtf-discuss/yR1oND6K2lTQuCnHEzTfs2V0zJA>
Subject: Re: [irtf-discuss] [115attendees] Usable formal methods side meeting at IETF 115
X-BeenThere: irtf-discuss@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IRTF general and new-work discussion list <irtf-discuss.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/irtf-discuss>, <mailto:irtf-discuss-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/irtf-discuss/>
List-Post: <mailto:irtf-discuss@irtf.org>
List-Help: <mailto:irtf-discuss-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/irtf-discuss>, <mailto:irtf-discuss-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2022 04:18:22 -0000

On 2022-11-08, Jonathan Hoyland wrote:

> A common method for formally analysing protocols is to express them in 
> some kind of rewriting system, and then check that the system has some 
> LTL property.

That doesn't really answer the question, though. Because *anything* at 
*all*, *any* computation can be expressed as a rewritng system. Just 
look at lambda calculus and the Church-Turing thesis.

It's not about what is *possible* or how it's mathematically expressed. 
It's about how it's *structured* for *human* consumpition.

> For example Tamarin is a software tool that uses multi-set rewriting 
> to express protocols, [...]

You said it yourself, just now. It's about how to structure your logic. 
In this case using multilsets.

> [...] and a fragment of first order logic to analyse them. It was used 
> to analyse, for example, TLS 1.3, and find mistakes in some of the 
> drafts.

"A fragment", yes. Because the whole deal might be intractable.

Also, if you want to formalize and analyze protocols, you most likely 
need to apply temporal/modal logics. Quite beyond the kinds of logics 
uhnderpinning e.g. free or even tagged-tree or heaven forbid attribute 
grammars. (Which, by the way, under their most general semantics, 
approach in their generality the Church-Turing bound.)

> Formal verification looks at code and checks that it implements some 
> spec.

So it it's spec, duh. So the sages of the field defined it, from the 
beginning.

> One technique for formally verifying protocols is to write the code in 
> some restricted programming language, and then use tools to check that 
> that code has some property.

It doesn't matter which language the code is written in. The only thing 
which matters is whether we know what the code *means*, *logically*, 
and so whether we can ascertain its validity.


> For example you can use EasyCrypt and Jasmin to write low-level crypto 
> code, and verify its security properties, including checking for 
> things like side channel safety. Alternatively you can use F# with F7 
> to analyse code. There are formally verified implementations of things 
> from ChaChaPoly to TLS 1.3. Formally verified code is deployed in 
> projects such as Chrome and Firefox.

True, but we could do even better. Why not just write preconditions and 
invariants everywhere? All over the code? So that theorem provers could 
make sure our code is correct throughout? Notify the coder if something 
was amiss?

That's not too difficult to do, and would definitely cut a bug or two 
every here and then.

> The idea of generating prose from a specification is interesting, but 
> not something I have seen any work on so far.

I've seen some work around these parts already. Even GPT-3 has been 
applied to this problem. However, that work only solves the problem of 
generating prose from a specification, somehow intuitionistically. It 
does not solve the problem of generating a proper, valid and sound 
logical document, from a description. "You can't be sure about what 
you're reading."
-- 
Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front
+358-40-3751464, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

v2.23.0 | Report a Bug | By Email