Abstract
Matt Blaze: I think we have gotten very close to the single biggest practical problem which protocol modelling and analysis has, but without actually mentioning it explicitly. That problem is that we tend to design very secure protocols that in practice cannot be implemented correctly. Larry mentioned SSL, which is very close to this problem. When we design these protocols we are sending them to implementers, and implementers make assumptions, they put protocols into environments, and they make what seems to them to be a very unimportant modification to the protocol.
Bruce Christianson: A low level design decision!
Matt Blaze: Yes, they make what seems to them to be a low level design decision, but the modification has the effect of just breaking the protocol completely. Is there some hope for formal analysis of protocols to capture a distinction between an implementable protocol and a non-implementable protocol?
Mike Roe: It’s not really so much that we need more formalism, as that the people doing this formal analysis need to be talking more to the people that deliver requirements, and producing a protocol that meets with those requirements. We’re seeing a great many instances of square pegs being fitted into round holes because implementors read books that give them some protocol which is secure under a particular combination of assumptions. The actual assumptions in the environment which the implementors had in mind are completely different, but never mind, it’s a security protocol, we’ll just tweak it. This happens a lot and it’s a problem.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Roe, M. (2005). Panel Session: Is Protocol Modelling Finished?. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_26
Download citation
DOI: https://doi.org/10.1007/11542322_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)