[Openid-specs-risc] Final security analysis

Atul Tulshibagwale atul at sgnl.ai
Tue Sep 3 18:45:23 UTC 2024 

Hi Shayne,

Thanks for sharing this. After reviewing the report, I thought it would be
good to compare their review of ID2 with their review of ID3: Which issues
have been addressed, which are remaining, and if any new ones are observed.
Would you be able to present this kind of summary in the next meeting?

Atul

On Tue, Sep 3, 2024 at 9:45 AM Windley, Phil via Openid-specs-risc <
openid-specs-risc at lists.openid.net> wrote:

> Thanks Shayne. Once approved, where is this made available? Public doc, I
> presume.
>
> On Aug 29, 2024, at 2:59 PM, Shayne Miel (smiel) via Openid-specs-risc <
> openid-specs-risc at lists.openid.net> wrote:
>
> *CAUTION*: This email originated from outside of the organization. Do not
> click links or open attachments unless you can confirm the sender and know
> the content is safe.
>
> Hello working group members. You may recall that earlier this year we
> engaged a research team from the Institute of Information Security at the
> University of Stuttgart, Germany to analyze the security properties of the
> Shared Signals Framework. We are happy to announce that this work has been
> completed. The final report can be downloaded from this link:
> https://github.com/user-attachments/files/16762914/2024-08-26_WP4.1b-Report.pdf
>
> As a last step, the working group is being asked to formally approve the
> report. We will take an official poll during the working group meeting on
> September 10th. For anyone who is not able to attend, if you wish to voice
> an opinion, feel free to share it via this email list.
>
> The best way to understand this report is to start with section 4. In that
> section, the researchers list the security properties that they are proving
> given the assumptions made in section 2. The appendix contains the formal
> mathematics of the proofs, and section 3 contains a short list of
> recommendations unrelated to the proofs.
>
> Please let me know if you have any questions,
> Shayne
>
> <Outlook-3hnuuyry.png>
> *Shayne Miel*  / Principal Engineer (he, him, his)
> smiel at cisco.com
> (919) 923-6230
> cisco.com <https://www.cisco.com/site/us/en/products/security/index.html>
>
>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-risc
>
>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-risc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240903/3c720dcb/attachment-0001.html>

More information about the Openid-specs-risc mailing list