[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.6 Formal proofs of security

To: paul.hoffman@vpnc.org
Subject: Re: SOI QUESTIONS: 2.6 Formal proofs of security
From: Paul Koning <pkoning@equallogic.com>
Date: Thu, 20 Jun 2002 16:43:03 -0400
Cc: ipsec@lists.tislabs.com
References: <E17L5M8-0003XL-00@think.thunk.org><p05111a0bb937c9d4c2ac@[165.227.249.18]>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "VPNC" == VPNC  <Paul> writes:

 VPNC> At 1:04 PM -0400 6/20/02, Theodore Ts'o wrote:
 >> 2.6.)  Does SOI need to provide a formal proof of security?  (Is
 >> this a "must have" or a "nice to have"?  What are we willing to
 >> trade-off for having a formal proof of security?)

 VPNC> In the typical VPN scenario (either gateway-to-gateway or
 VPNC> remote-access WAN), this is not important. It is nice to have,
 VPNC> of course, but only to keep ourselves happy.

I disagree.

The scenarios are irrelevant to this question.

The point is: what level of assurance do we want that there aren't
design errors in the protocol?  Some people build "security" protocols
that don't provide security.  Some of the errors made are obvious to
casual observers; some are not.  It would be good for IPsec/IKE to be
secure in reality.  Formal analysis is part of the QA that helps
confirm this property.  Without it, you may still be secure, and you
may have caught most bugs by informal analysis, but the level of
assurance is less.

So I would rate it as "very desirable".

   paul

References:
- SOI QUESTIONS: 2.6 Formal proofs of security
  - From: "Theodore Ts'o" <tytso@mit.edu>
- Re: SOI QUESTIONS: 2.6 Formal proofs of security
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: RE: SOI QUESTIONS: 2.4-2.6
Next by Date: Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)
Prev by thread: Re: SOI QUESTIONS: 2.6 Formal proofs of security
Next by thread: Re: SOI QUESTIONS: 2.6 Formal proofs of security
Index(es):
- Date
- Thread