[prev in list] [next in list] [prev in thread] [next in thread]
List: otr-dev
Subject: Re: [OTR-dev] OTR Formal Analysis Security Properties
From: Ian Goldberg <ian () cypherpunks ! ca>
Date: 2006-02-14 19:56:49
Message-ID: 20060214195649.GZ31096 () smtp ! paip ! net
[Download RAW message or body]
On Mon, Feb 13, 2006 at 06:04:46PM -0800, Andrew S. Morrison wrote:
> As mentioned awhile back, myself and a partner are working on a formal
> security analysis of OTR. Before we try to break it, I just wanted to send
> you what we're working on in terms of what security properties OTR claims
> to see if we're in agreement. Attached is a PDF of our working definitions
> for the properties that should hold on OTR. Do you guys agree or disagree
> on any of the definitions? Is anything missing? Are any of the claims too
> strong or weak? Thanks.
I took a quick look.
In the PFS definition, Mallory *is* allowed to be able to read _very
recent_ messages sent between Alice and Bob (i.e. messages sent with
keys Alice and/or Bob are still using). So just saying Mallory cannot
read messages with timestamp t' < t isn't quite right, I think.
And a tiny nit, but I think you mean "principal" where you write
"principle". ;-)
Otherwise, it looks pretty plausible. I look forward to seeing the
results of your work!
- Ian
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic