Hi, > Op 8 jun 2026, om 21:22 heeft Salz, Rich <[email protected]> > het volgende geschreven: > > Respectfully, what you are asking does not seem consistent with the FATT > process to me. WG participants doing formal verification are quite limited. > Let's warmly welcome their contributions rather than discouraging them. > This is not a FATT thing. The FATT does not review other people’s proofs. > They review drafts and make non-binding recommendations as to whether > analysis is not needed, or perhaps what type of analysis or tools if so[1]. > Their decision is not binding on the WG. > > I am only saying that an individual work should not be quoted in an RFC as > explanation or justification for a particular recommendation. We don’t quote > FATT findings in RFCs either. > > [1] https://github.com/tlswg/tls-fatt >
I would say the FATT is typically not producing findings, because we don’t do analysis — we review what analysis is out there and look if a draft’s security claims are clear (and/or justifiable) enough. Cheers, Thom > ______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
