> On Sep 24, 2025, at 3:46 AM, Muhammad Usama Sardar <[email protected]> wrote:
>
>> But it’s an important distinction that the level of security is orthogonal
>> to the protocol.
> Not sure. Could you explain this? I don't think it is completely orthogonal.
> At least the protocol design is critical for security too. Even with perfect
> data formats, a broken protocol can put all bets off. Perhaps you meant
> something else, or I am missing something.

Yes, I meant security of a protocol's implementation:
- Whether the code runs in a TEE or similar
- Protection against side channels
- Protection against HW glitching

The people that are good at this stuff are certification people. The proper place to specify this stuff is certification documents. It can be really expensive and not every use case needs it, so it really shouldn’t be specified in IETF documents, though perhaps mention in security considerations is good.

Yes, we should always design and specify extremely high-security protocols in the IETF. For example, HPKE integrity protects everything in the protocol.

LL

_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
