[Openid-specs-heart] HEART WG AGENDA Monday April 20, 2020
Debbie Bucci
debbucci at gmail.com
Tue Apr 21 20:15:43 UTC 2020
Tom,
Given you raised the concern in the first place - is there a specific
document - section of FAPI 2.0 spec you are referring to? This article
seem rather broad. Its up to the organization to do their own risk
assessment - preferably based on recognized frameworks NIST/ISO etc.
Given many of us have experience with this type of analysis - what are you
comparing it too?
On Tue, Apr 21, 2020 at 2:01 PM Tom Jones <thomasclinganjones at gmail.com>
wrote:
> not in this forum - it is not appropriate.
> Peace ..tom
>
>
> On Tue, Apr 21, 2020 at 10:51 AM Daniel Fett <fett at danielfett.de> wrote:
>
>>
>> https://cacm.acm.org/magazines/2020/4/243625-why-is-cybersecurity-not-a-human-scale-problem-anymore/fulltext
>>
>> Could you please elaborate in which way this article critizes the
>> attacker model used in formal protocol security analyses? This critique
>> must then apply equally for the way in which TLS 1.3 was designed and
>> evaluated (see, e.g., https://tools.ietf.org/html/rfc8446#appendix-E
>> <https://tools.ietf.org/html/rfc8446>).
>>
>> -Daniel
>>
>> Am 21.04.20 um 19:41 schrieb Tom Jones:
>>
>> DOI:10.1145/3347144. CACM 63 no 4 p 30ff
>> Peace ..tom
>>
>>
>> On Tue, Apr 21, 2020 at 10:38 AM Daniel Fett <fett at danielfett.de> wrote:
>>
>>> Am 21.04.20 um 18:30 schrieb Tom Jones:
>>>
>>> Well, I am a member of the FAPI wg and do not like their current
>>> direction. Specifically I strongly disagree with Fett's attack model which
>>> has come under increasing attack in, for example the current issue of the
>>> CACM.
>>>
>>> Which article?
>>> _______________________________________________
>>> Openid-specs-heart mailing list
>>> Openid-specs-heart at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>>
>>
>> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20200421/41065616/attachment.html>
More information about the Openid-specs-heart
mailing list