Re: [TLS] SCSV vs RI when both specified. Was: Updated draft
Martin Rex <mrex@sap.com> Mon, 21 December 2009 15:16 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A63083A693E for <tls@core3.amsl.com>; Mon, 21 Dec 2009 07:16:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.194
X-Spam-Level:
X-Spam-Status: No, score=-6.194 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0WoLHtFX0lzf for <tls@core3.amsl.com>; Mon, 21 Dec 2009 07:16:28 -0800 (PST)
Received: from smtpde03.sap-ag.de (smtpde03.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id ABE573A6A07 for <tls@ietf.org>; Mon, 21 Dec 2009 07:16:22 -0800 (PST)
Received: from mail.sap.corp by smtpde03.sap-ag.de (26) with ESMTP id nBLFG2q3001041 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 21 Dec 2009 16:16:02 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912211516.nBLFG1Rw015709@fs4113.wdf.sap.corp>
To: uri@ll.mit.edu
Date: Mon, 21 Dec 2009 16:16:01 +0100
In-Reply-To: <90E934FC4BBC1946B3C27E673B4DB0E4A7EE854018@LLE2K7-BE01.mitll.ad.local> from "Blumenthal, Uri - 0662 - MITLL" at Dec 20, 9 07:53:56 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] SCSV vs RI when both specified. Was: Updated draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 15:16:30 -0000
Blumenthal, Uri - 0662 - MITLL wrote: > > Please indulge me: the one short compelling reason why we don't want > to say "when two signals are present use this one and ignore the other" > instead of "when two signals are present - abort connection" - is...? I do not think such a reason exists. The justification that has been given so far is "because that is what the document says". If you look at the document from the perspective of formal correctness proofing, then this is justification is based on a defect in the document. > > > http://digbib.ubka.uni-karlsruhe.de/volltexte/documents/1827 > > OK. Karlsruhe server time-outs on me, so no chance to get enlightened > by checking that thread. That URL refers to a publication called "Would you ever risk a non-monomorphic specication?" It is about formal correctness proofing of specifications and implementations. I am _not_ an expert in the field of formal correction proofing, and in theoretical math stuff, I am more of a practical type of person. But I have a good understanding of some of the principles and methodologies involved. In 1996 I shared office for 5 month with a student from the University of Karlsruhe who did his master thesis at our company developing a formal specification for the authorization model in our application software and doing a formal correctness proof, using a tool called "Karlsruhe Interactive Verifier (KIV)" which was also used for above document. This resulted in a number of fixes to our design and implementation. I found the underlying concepts and methodologies so interesting and intriguing that I started implmenting a "generic" gssapi-mechanism in order to locate inconsistencies and ambiguities in the GSS-API v2 during the following 2 years, and get them fixed in the IETF CAT WG before publishing GSS-API v2. (the most part of this generic implementation was re-used to build my gssntlm.dll/gsskrb5.dll wrappers for Microsoft NTLM and Kerberos 5 SSP to provide a GSS-API v2 compliant API ftp://ftp.sap.com/pub/ietf-work/gssapi/gsskrb5/) The methodology of the KIV tool is to create an implementation of the given specification, and it asks the operater to manually ("interactively") resolve all ambiguities and conflicts that prevent an full implementation of the spec. The KIV tool will actually output a 100% bugfree implementation of the spec (back then you could ask for C or C++ output). Probably the biggest and most time-consuming part for tool-based formal verification is the translation from a specification that mere humans understand into predicate logic (and backwards for all the resolved problems). What formal proofing does _not_ provide is coming up with specification that are actually useful and do what you want. The most intriguing part is, that the methodology not only works for the spec -> code transformation, it can also be used for the solution-architecture -> spec transformation. -Martin
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Michael D'Errico
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Michael D'Errico
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Steve Checkoway
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Steve Checkoway
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Steve Checkoway
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Pasi.Eronen
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Yoav Nir
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Michael D'Errico
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Dr Stephen Henson
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Michael D'Errico
- Re: [TLS] SCSV vs RI when both specified - consen… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified - consen… Nasko Oskov
- Re: [TLS] SCSV vs RI when both specified - consen… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified - consen… Michael D'Errico
- Re: [TLS] SCSV vs RI when both specified - consen… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Yoav Nir
- Re: [TLS] SCSV vs RI when both specified - consen… Yoav Nir
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Kemp, David P.
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Ben Laurie
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Kemp, David P.
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Steve Dispensa
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Kemp, David P.
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Kemp, David P.
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Kyle Hamilton