rikard-sics
commented
1 year ago I think we need more discussions with John to resolve this
Open rikard-sics opened 2 years ago
rikard-sics
commented
1 year ago I think we need more discussions with John to resolve this
Got the feedback below from John via mail. We should take it into account for future versions.
I don’t think this is true. The advantage per key is a quite useless measure for security protocols/use cases with several keys and maybe ever several connections. Keeping these probabilities low does not increase security when advantage functions are linear.
I would not talk so much of the CA IA probabilities per key on slide 4-5. These are not very relevant measures for OSCORE, especially not OSCORE with rekeying. A relevant measure instead of IA per key would be forgery probability per forgery attempt (or perharps per number of byte sent.)