Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
Nadim Kobeissi <nadim@symbolic.software> Fri, 08 September 2023 13:10 UTC
Return-Path: <nadim@symbolic.software>
X-Original-To: ufmrg@ietfa.amsl.com
Delivered-To: ufmrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D583C15107E for <ufmrg@ietfa.amsl.com>; Fri, 8 Sep 2023 06:10:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.808
X-Spam-Level:
X-Spam-Status: No, score=-2.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=symbolic.software header.b="Qmdopnwp"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="YYRlpnWG"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o3qWVITaL7VV for <ufmrg@ietfa.amsl.com>; Fri, 8 Sep 2023 06:10:27 -0700 (PDT)
Received: from wnew3-smtp.messagingengine.com (wnew3-smtp.messagingengine.com [64.147.123.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5E86C151075 for <ufmrg@ietfa.amsl.com>; Fri, 8 Sep 2023 06:10:27 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailnew.west.internal (Postfix) with ESMTP id 069252B001A4; Fri, 8 Sep 2023 09:10:24 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Fri, 08 Sep 2023 09:10:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= symbolic.software; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1694178624; x=1694182224; bh=qy kMCOqD8gzxnatOTkot+h/Z6p+EP+7ArlI96BZ9YWU=; b=QmdopnwpL2399jkaWj DJOuHoH6G0puMycbhdS0791f5L/U25VHriI6bu90uhn/Uyqcnr/ELxL+GCSVSbDa VRgdNTzXjk9YV9TXQJnZoUqtT87KorQB0mcLFZCHB1Xfl6+StWrqNNsXQWcaj0qm HZAxvVYCFdfHeSURcVy3c3I5/7iwJitb1cpMNu39K1ZuQ+f4pwoxjNxJX+YkloUb n+4xVRwZwqp5P+01j9Z+HWUZpXkZI4rwXN29NUHf3g9Dq8fz6nWtL2XQP4OVOCd4 amdZyjGcd5Q9Bc4wYbZ3CtS88cK125Cb9BUb74qT3EYOb+sUytQ+nT1uOKeQXrCq c45A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1694178624; x=1694182224; bh=qykMCOqD8gzxnatOTkot+h/Z6p+EP+7ArlI 96BZ9YWU=; b=YYRlpnWG/BbZKDemQmmMdPQ8oRNKRUph72+ySLEFgz6mAqaZs5H xFXHbwY/RVqJ4Ax2q2F3BDYOEAunIFJrfw2e8gSsZuBWDLH/HTErg79D+BtHatWQ UelmV1gU+DEX+wd9uX5XlWbKFKQtYN/Sin1tFn72rqOoZkR0pVTl2szDbGNc8j92 c1jELHUIDSCkNutmKJLER2uXYPxO1cMBjbn2VJ0AlNO/IMhevPOcJivOHmuLdGY/ 4NY77Hg/LzeA3Dh3uwjUEinX5wO7v1i0OX8kExE3LeXe4u3MeBI6QahmsNPTK4t7 sgQii3qSxKBv7ShYHOvb6Vo8dNpMTHY7E+w==
X-ME-Sender: <xms:Px37ZL00wfUpnXJUbcaXqz-kAoPqToy1tYWsymveZqc7e4kJZs9TLQ> <xme:Px37ZKFe1wQnZEjyP0hr_0H49Idoukzoo4x-Z6lVz0bwsznI5E6-yGWa34o9qzbez jnLDvlvaw34HYHrTsY>
X-ME-Received: <xmr:Px37ZL5IhGB7zbJi3O3-GzjJY1d38qJlW_5QTUTDfvYQcwCGZP9BKEwNFFU1u0gUHiu8>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrudehjedgiedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkffuhffvveffjghfohgtgfgfggesthhqredttderjeenucfhrhhomheppfgr ughimhcumfhosggvihhsshhiuceonhgrughimhesshihmhgsohhlihgtrdhsohhfthifrg hrvgeqnecuggftrfgrthhtvghrnhepgfdtgfeviedvvefgleetkeefgefffeehheduveev jeeifeeugeejhfejleegledtnecuffhomhgrihhnpehshihmsgholhhitgdrshhofhhtfi grrhgvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep nhgrughimhesshihmhgsohhlihgtrdhsohhfthifrghrvg
X-ME-Proxy: <xmx:Px37ZA0ZuQl1doWtNgyUUpFpvEAz7l_ZhmLLQl8ppRz__ROFuCyaaQ> <xmx:Px37ZOEckQoKLwz-XOpuUl6cLmETXbPOLYAZvaP4lhW8DQgK8lqtog> <xmx:Px37ZB8ODh6k4p-x9TNGMTjORjz1anrcQDZz73b3CTfBYeRESpaKJg> <xmx:QB37ZDSF9CVnk_p5arTnfXaG2Sb47D3QCy4MoALv7fHkAJvLv25k216ocUE>
Feedback-ID: i6d3949ed:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 8 Sep 2023 09:10:22 -0400 (EDT)
Message-ID: <ef7abd783a06a79c7e7c4b31838efbffab9958ae.camel@symbolic.software>
From: Nadim Kobeissi <nadim@symbolic.software>
To: Jonathan Hoyland <jonathan.hoyland@gmail.com>, Joshua D Guttman <guttman@mitre.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, ufmrg@ietfa.amsl.com
Date: Fri, 08 Sep 2023 15:10:21 +0200
In-Reply-To: <CACykbs1AUJ2LmDtFxkLkrrZfMnU89AxMXyd4gt5EVneEyPsSRA@mail.gmail.com>
References: <PH0PR09MB76899049A294230B248B1428B9E4A@PH0PR09MB7689.namprd09.prod.outlook.com> <9b35faa9-923a-4258-28a4-7577635101df@cs.tcd.ie> <PH0PR09MB7689628541D0ABDCF1FFD05BB9EEA@PH0PR09MB7689.namprd09.prod.outlook.com> <CACykbs1AUJ2LmDtFxkLkrrZfMnU89AxMXyd4gt5EVneEyPsSRA@mail.gmail.com>
Organization: Symbolic Software
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.4
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ufmrg/zmrZoD09nXANUtwEuahyNQwZWG0>
Subject: Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
X-BeenThere: ufmrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Usable Formal Methods Research Group <ufmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ufmrg/>
List-Post: <mailto:ufmrg@irtf.org>
List-Help: <mailto:ufmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2023 13:10:32 -0000
For what it's worth, what Jonathan is saying matches my observations. Both Tamarin and ProVerif stand to gain from soemone working full-time on improving web interfaces, better error messages, better tooling and integration... However, academic incentives lie elsewhere. -- Nadim Kobeissi Symbolic Software - https://symbolic.software On Thu, 2023-09-07 at 23:27 +0100, Jonathan Hoyland wrote: > Hi Joshua, > > One piece of feedback I get when I ask people why they don't use > formal methods is that there is no intermediate level training > available. > > There is documentation for some tools, and sometimes YouTube > tutorials for the basics, but unless you work with the tool authors, > or people experienced in modelling, there isn't somewhere to learn > all the tips and tricks necessary to prove complex things. So people > get through a very basic tutorial, and then go look at papers that > include huge, complex models, and have no idea how to get between > those two places. > > The goal of the training is to hopefully build up a set of recorded > pieces of training that help people use the tools as they are. By > running multiple trainings the hope is to provide a pathway, along > with a place you can go and ask questions of experts. > > Certainly one of my hopes for this group is that we can provide > actionable feedback to tool authors so that they can improve their > tools, but starting with the things we can achieve without going > outside the group seems like the best way to get started. > > Another thing I think we can do fairly immediately is provide > guidance on which tools might be most appropriate for which tasks, > and thus help work out what work needs to be done to prove the > properties we want. > > So overall I agree with Stephen's 1c, and mostly 2c. I think the > training (along with making the materials available) does make the > tool more useable, even though I agree a proper usability study would > be even better. I do think there are a number of easy usability > improvements to be had in many tools before we need to go for a > usability study, so I don't think we're completely unable to proceed > on that front. > > We are definitely looking for people who have a background in things > like user studies to help us make both the training and the group > overall a success, so if you have suggestions (or even suggestions of > people we can ask) they would be very gratefully received. > > Regards, > > Jonathan > > On Thu, 7 Sept 2023, 23:04 Joshua D Guttman, <guttman@mitre.org> > wrote: > > I was really impressed by the fast three minute > > response, just before the interim mtg a week ago. > > > > But I'm not sure that the reply really gets to the > > heart of the matter. > > > > You write: > > > > > 1(c) is fine > > > > in response to: > > > > > > 1. I'm a little unsure whether the primary > > > > goal is: > > > > > > > > (a) To determine whether formal > > > > methods are effectively usable for > > > > IETF-type purposes; > > > > > > > > (b) To persuade people that formal > > > > methods are effectively usable for > > > > IETF-type purposes; or > > > > > > > > (c) To cause formal methods to become > > > > more effectively usable for IETF-type > > > > purposes. > > > > > > > > Of course, a possible response is to > > > > give a blend of more or less of these > > > > three components. And maybe > > > > additional components? But what would > > > > be the right characterization? > > > > What makes this a bit askew is the fact that the > > most visible activities -- such as the planned > > tutorials at the Nov 4 Prague meeting -- really > > seem to me closer to 1(b). > > > > I guess the tutorial goal is primarily education. > > Since formal methods are in fact very useful, one > > expects education to be key to "persuading people > > that formal methods are effectively usable for > > IETF-type purposes." ( :- ) > > > > And I suspect that persuading and educating may be > > a more achievable goal for the UFMRG than actually > > causing formal methods to become more effectively > > usable. > > > > That requires instead a lot of research, both with > > a high level of insight into formal modeling and > > proving, and with a bunch of user studies and > > appraising the kinds of people who could benefit > > from specific kinds of FM. > > > > Would the 4 Nov tutorials even give us any insight > > into the latter? > > > > It's conceivable but might require some > > coordination and restructuring. > > > > More on question (2) in a separate msg. I'd be > > eager to know what people think about these > > aspects of question (1). > > > > Joshua > > > > On 9/1/23, 12:01, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> > > wrote: > > > > 1(c) is fine, 2(c) is closest but not quite right > > > > On 01/09/2023 16:58, Joshua D Guttman wrote: > > > May I ask a few questions about the UFMRG goals? > > > > > > 1. I'm a little unsure whether the primary goal > > > is: > > > > > > (a) To determine whether formal methods are > > > effectively usable for IETF-type purposes; > > > > > > (b) To persuade people that formal methods are > > > effectively usable for IETF-type purposes; > > > or > > > > > > (c) To cause formal methods to become more > > > effectively usable for IETF-type purposes. > > > > > > Of course, a possible response is to give a > > > blend of more or less of these three > > > components. And maybe additional components? > > > But what would be the right characterization? > > > > > > 2. Along another axis, we sometimes have > > > different formal methods that may be useful > > > for different sets of goals (eg establishing > > > that a program respects an inductive invariant > > > vs establishing that a protocol achieves an > > > authentication goal), and maybe also competing > > > formal methods that approach the same goals in > > > different (or similar :- ) ways. > > > > > > Do we aim to: > > > > > > (a) Identify some methods as suitable for some > > > kinds of goals? > > > > > > (b) Grade the usability of some "competing" > > > methods for overlapping goals? > > > > > > (c) Identify combinations of methods for > > > purposes that require several kinds of > > > results? > > > > > > Again, blends may make sense together. > > > > > > Thanks! > > > > > > Joshua > > > > > > > >
- [Ufmrg] A few questions about UFMRG goals Joshua D Guttman
- Re: [Ufmrg] A few questions about UFMRG goals Stephen Farrell
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Joshua D Guttman
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Jonathan Hoyland
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Muhammad Usama Sardar
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Nadim Kobeissi
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Hans-Dieter Hiep
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Gergely Buday