Matt Blaze: I think we have gotten very close to the single biggest practical problem which protocol modelling and analysis has, but without actually mentioning it explicitly. That problem is that we tend to design very secure protocols that in practice cannot be implemented correctly. Larry mentioned SSL, which is very close to this problem. When we design these protocols we are sending them to implementers, and implementers make assumptions, they put protocols into environments, and they make what seems to them to be a very unimportant modification to the protocol. Bruce Christianson: A low level design decision! Matt Blaze: Yes, they make what seems to them to be a low level design decision, but the modification has the effect of just breaking the protocol completely. Is there some hope for formal analysis of protocols to capture a distinction between an implementable protocol and a non-implementable protocol? Mike Roe: It’s not really so much that we need more formalism, as that the people doing this formal analysis need to be talking more to the people that deliver requirements, and producing a protocol that meets with those requirements. We’re seeing a great many instances of square pegs being fitted into round holes because implementors read books that give them some protocol which is secure under a particular combination of assumptions. The actual assumptions in the environment which the implementors had in mind are completely different, but never mind, it’s a security protocol, we’ll just tweak it. This happens a lot and it’s a problem.
展开▼
机译:Matt Blaze:我认为我们非常接近议定建模和分析的单一最大实际问题,但实际上明确提及它。这个问题是,我们倾向于设计非常安全的协议,即在实践中无法正确实现。 Larry提到SSL,这非常接近这个问题。当我们设计这些协议时,我们将它们发送到实施者,而实施者使协议将协议置于环境中,并且它们似乎是对协议的一个非常不重要的修改。布鲁斯·克里斯蒂安森:低级设计决定! Matt Blaze:是的,他们在似乎他们成为一个低级设计决定,但修改具有恰好完全破坏协议的效果。是否有希望对协议进行正式分析,以捕获可实现协议和不可实现的协议之间的区分? Mike Roe:我们需要更多的形式主义并不是那么多,因为这样的人员需要对提供要求的人们来说需要更加讨论,并制作符合这些要求的协议。我们看到了一个很多方形钉的方案,方形钉安装在圆孔中,因为实现者读取了给他们一些协议的书籍,这在特定的假设组合下是安全的。实施者铭记的环境中的实际假设是完全不同的,但从不介意,它是一种安全协议,我们只需调整它。这发生了很多问题,这是一个问题。
展开▼
