equal
deleted
inserted
replaced
475 \end{itemize} |
475 \end{itemize} |
476 \end{frame}} |
476 \end{frame}} |
477 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
477 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
478 |
478 |
479 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
479 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
480 \mode<presentation>{ |
|
481 \begin{frame}[c] |
480 \begin{frame}[c] |
482 \frametitle{Best Practices} |
481 \frametitle{Best Practices} |
483 |
482 |
484 {\bf Principle 1:} Every message should say what it means: the interpretation of |
483 {\bf Principle 1:} Every message should say what it means: the |
485 a message should not depend on the context.\bigskip\pause |
484 interpretation of a message should not depend on the |
486 |
485 context.\bigskip\pause |
487 {\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent |
486 |
488 to mention the principal’s name explicitly in the message (though difficult).\bigskip |
487 {\bf Principle 2:} If the identity of a principal is essential |
489 |
488 to the meaning of a message, it is prudent to mention the |
490 |
489 principal’s name explicitly in the message (though |
491 \end{frame}} |
490 difficult).\bigskip |
|
491 |
|
492 \end{frame} |
492 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
493 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
493 |
494 |
494 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
495 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
495 \mode<presentation>{ |
496 \mode<presentation>{ |
496 \begin{frame}[c] |
497 \begin{frame}[c] |
518 |
519 |
519 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
520 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
520 \begin{frame}[c] |
521 \begin{frame}[c] |
521 \frametitle{Best Practices} |
522 \frametitle{Best Practices} |
522 |
523 |
523 {\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip |
524 {\bf Principle 4:} The protocol designers should know which |
524 |
525 trust relations their protocol depends on, and why the |
525 |
526 dependence is necessary. The reasons for particular trust |
526 Example Certification Authorities: CAs are trusted to certify a key only after proper steps |
527 relations being acceptable should be explicit though they will |
527 have been taken to identify the principal that owns it. |
528 be founded on judgment and policy rather than on |
|
529 logic.\bigskip |
|
530 |
|
531 |
|
532 Example Certification Authorities: CAs are trusted to certify |
|
533 a key only after proper steps have been taken to identify the |
|
534 principal that owns it. |
528 |
535 |
529 \end{frame} |
536 \end{frame} |
530 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
537 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
531 |
538 |
532 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
539 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
537 Ross Anderson about the use of Logic:\bigskip |
544 Ross Anderson about the use of Logic:\bigskip |
538 |
545 |
539 \begin{quote} |
546 \begin{quote} |
540 Formal methods can be an excellent way of finding |
547 Formal methods can be an excellent way of finding |
541 bugs in security protocol designs as they force the designer |
548 bugs in security protocol designs as they force the designer |
542 to make everything explicit and thus confront dif$\!$ficult design |
549 to make everything explicit and thus confront difficult design |
543 choices that might otherwise be fudged. |
550 choices that might otherwise be fudged. |
544 \end{quote} |
551 \end{quote} |
545 |
552 |
546 \end{frame}} |
553 \end{frame}} |
547 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
554 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |