Hi Henk, On 16.09.25 12:47, Henk Birkholz wrote:
Sure, each goal in the preprint (that had the blessing of your review in February and was mentioned to be shared publicly in a couple of weeks) comes with a motivation. Based on the feedback from expat BoF, we have extensively revised the motivation for freshness of Evidence, and bridged the link to real systems.On 13.09.25 18:58, Muhammad Usama Sardar wrote:Sure, we'll update the draft. But the way I view it is like this:security goals => formal analysis => security considerationsSo one of the aims of the thread was to ask if someone could think of any other security goal in the mean time, and definitely not to say that the security consideration section is ready for review.It is also not uncommon to motivate goals
(so I'd give that a small semantic push towards the "requirements" definition).I am not sure what exactly "semantic" and "requirements definition" would mean here. Does it entail anything more than something like "Goal G1 holds unless attestation key is leaked or server chooses a weak hash function"?
use case OR usage scenarios -> (security) requirements -> model specification -> model analysis -> validation & falsification results (some of which go into the SecConSec)The formal analysis satisfactorily covers the use cases and the corresponding security goals that the/proponents/ care about. We would like to hear from the community about the use cases and corresponding security goals that the/community/ cares about.
This can be an iterative process, of course 😅
Indeed, and a quick look at the history of repo (that is also shared with you) reminds me that I have been iterating it for over two years, and of course, one can keep iterating it forever 😂. The main idea here was to have a quick check if someone has any other security goal in mind, else release the preprint with comprehensive coverage of current formal analysis for the community to have a look until the next meeting.
From expat BoF, it seemed like the community would like us to justify why we are narrowly scoping the effort to post-handshake attestation. So the proponents have backtracked and mostly worked on iterating the formal analysis for pre- and intra-handshake attestation. We now believe that we have sufficient evidence (not RATS Evidence) for our claims and unless a new security goal is added which invalidates our claim (i.e., a goal which pre- and/or intra-handshake attestation satisfy while post-handshake attestation does not), I don't believe any further iteration /at this moment/ is worth the effort. After much thinking and thorough re-evaluation, we couldn't find such a security goal. At least without further feedback, we wouldn't know what to iterate. Hence, from a formal analysis perspective, the proponents believe that all feedback from expat, RATS, TLS and UFMRG has been incorporated, and requesting any feedback on the existing and/or new security goals that the community can think of.
Usama
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
