Hi, > Very few crypto/security standards do. DNSSEC has one, but that was tacked on > well after the RFCs were written. > > The other way of looking at it is that crypto/security standards all (well, > almost all) have the same threat model, which I refer to in my book as the > Inside-Out Threat Model: Whatever this standard happens to defend against is > defined to be the threat.
In this case, I'd rather go for a Dolev-Yao minus delay and delete-kind of thing... no need to enumerate everything the attacker can do. BTW, almost all protocols lack a definition of what they mean by "authentication", too. Cas Cremers showed that IPSec authentication is broken for a number of definitions, although fortunately not for "the intuitive one" and the one it was probably designed for. I suspect the same holds for SSL. Ralph -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18010 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
