TLS Interim 2024-10-16
Formal Analysis Review

Notes: Joe Salowey

  1. Sean Introduces Meeting

  2. Intent

Preserve existing security properties that have been already proven.

DOes anyone think this is a bad idea?

No one objects

  1. Salient point 1

Ask the FATT after working group adopton, fatt review does not gate
adoption.

FATT assigns a Liaison

  1. Salient point 2

Before WGLC, FATT review is input to WGLC

WGLC takes FATT review into consideration, consensus to move forward or
not.

why is the FATT anonymous?

  1. FATT membership is known

  2. Allow for free background discussion within the FATT group to be
    internal to the group

Michael Tüxen: How much time?

Dierdre: For post adoption review a few weeks, hopefully less than a
Month

Dierdre: Analysis takes a variable amount of time

Dierdre: Review process (of the analysis) is probably a few months

Russ: For 8773, who will do the review? People are already asking for
Down Refs.

Sean: lets getthe analysis done

Russ: FATT doesnot agree on 8773

Sean: Liaison process not in place, we should apply this to get better
unitified understanding of 8773. Holding off on others.

Deirdre: Liaisons will rotate to keep work spread.

Deirdre: FATT is 6 or 7 people.

Sean: DOes this sound reasonable from FATT POV?

Dennis: First time I'm seeing this, but it looks OK. Make sure we keep
questions to FATT on formal analaysis and not IETF process.

Deirdre: FIrst review is a bear minimum, a "gut check". If review is
needed who is going to do the work? This will depend on the topic, meaty
research topic vs. training a grad student. THis will evolve

Sean: we will find liaison for 8773 analysis

Deirdre: Analysis of document is an ongoing process between adoption and
WGLC. Needs to take into account changes in the working group document.

Sean: Changes in document can trigger re-review and change in analysis
requirements

Deirdre: initially try to focus review on key shcedule, authentication,
and TLS 1.3 security properties. Documents that don't touch this are out
of scope for the FATT.

Sean: Paul any comments?

Paul: No issues from my end

patton: intro the FATT at UFMRG?