> I have been trying to read about formally proving security > protocols. ... I was wondering if anyone here has seen a > comparison between these approaches to evaluate things like > ease of use and effectiveness.
5 years ago, i saw meadows give an interesting talk, comparing the various state-of-the-art verification tools, with caveats about each one's blind spots, and with some attention to how easy/hard it is to make mistakes while using such tools. i suspect that the talk i saw was from this paper: Catherine Meadows, "Formal Verification of Cryptographic Protocols: A Survey," Advances in Cryptology - Asiacrypt '94, LNSC 917, Springer-Verlag, 1995, pp. 133-150. http://chacs.nrl.navy.mil/publications/CHACS/1995/1995meadows-asiacrypt94.ps In this paper we give a survey of the state of the art in the application of formal methods to the analysis of cryptographic protocols. We attempt to outline some of the major threads of research in this area, and also to document some emerging trends. a more recent meadows paper surveys open problems in the field: Meadows, Catherine, "Open Issues in Formal Methods for Cryptographic Protocol Analysis," Proc DISCEX 2000, IEEE Computer Society Press, pp. 237-250, January, 2000. http://chacs.nrl.navy.mil/publications/CHACS/2000/2000meadows-discex.ps The history of the application of formal methods to cryptographic protocol analysis spans nearly twenty years, and recently has been showing signs of new maturity and consolidation. A number of specialized tools have been developed, and others have effectively demonstrated that existing general- purpose tools can also be applied to these problems with good results. However, with this better understanding of the field comes new problems that strain against the limits of the existing tools. In this paper we will outline some of these new problem areas, and describe what new research needs to be done to to meet the challenges posed. i found these papers on her group's publications page: http://chacs.nrl.navy.mil/publications/CHACS/CRYPTOindex.html - don davis, boston - --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
