Hi Ted, The issue comes from Rich insisting on repeatedly judging the work based on the authors’ identities and the publication venue when clear instructions on how to replicate the results yourself were *published within the paper*.
Here’s a pedagogical summary: 1. Diff my extended ProVerif models (-pq) against the ones from the previous publication: https://github.com/symbolicsoft/reftls/tree/master/pv 2. Validate whether the additions, and see for yourself if they match the RFCs and the paper’s claims, 3. Run the models locally and check the analysis results for yourself. When this is an option, I would encourage folks to do that, instead of repeatedly bringing up issues of author count and venue. I wrote this paper in my free time as a trivial extension to a previous, actually-published paper. I absolutely don’t owe anyone the extra work of getting it into a venue, especially since that does much less work in terms of scientific validation and replication than the *method and materials I’ve already published with the paper.* Nadim Kobeissi Symbolic Software • https://symbolic.software > On 8 Jun 2026, at 6:00 PM, Ted Lemon <[email protected]> wrote: > > Andrew, I guess your point is that people who are not cryptography experts > but are academics and do understand how research is done should nevertheless > not concern themselves with whether such studies have been replicated? We > should just assume that individual experts are right and have not made > mistakes? > > Forgive me, but I don't think this is how science works. Rich's question > makes perfect sense to me. What doesn't make sense is anyone here engaging in > vituperative attacks in response to his question. > > On Mon, Jun 8, 2026, at 5:51 PM, Andrew Lee wrote: >> On Mon, Jun 8, 2026 at 8:18 AM Salz, Rich <[email protected] >> <mailto:[email protected]>> wrote: >> >> I am not qualified to review your work. Nor am I qualified to review most of >> what Karthik or Cas writes about. >> >> Mr. Salz, with all due respect, why are you making comments about the >> qualifications of his work when you, yourself, admit that you are "not >> qualified to review" his work? This seems, at the least, disingenuous. >> >> To be clear, I respect you and everyone here on this, and generally the IETF >> lists, and sincerely hope we can all get back to the material and factual >> research instead of attacking the messenger. >> >> Sincerely with all respect, >> Andrew >> _______________________________________________ >> TLS mailing list -- [email protected] <mailto:[email protected]> >> To unsubscribe send an email to [email protected] >> <mailto:[email protected]> >> >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
