2003-09-26 paulson 2003-09-26 Conversion of all main protocols from "Shared" to "Public". Removal of Key_supply_ax: modifications to possibility theorems. Improved presentation.
2003-09-23 paulson 2003-09-23 Removal of the Key_supply axiom (affects many possbility proofs) and minor changes
2003-05-05 paulson 2003-05-05 improved presentation of HOL/Auth theories
2003-04-29 paulson 2003-04-29 tweaks
2003-04-26 paulson 2003-04-26 converting more HOL-Auth to new-style theories
2002-08-17 paulson 2002-08-17 tidying of Isar scripts
2001-10-03 wenzelm 2001-10-03 tuned parentheses in relational expressions;
2001-08-06 paulson 2001-08-06 Changed 1 to 1' (= Suc 0)
2001-05-03 paulson 2001-05-03 minor tweaks
2001-04-12 paulson 2001-04-12 converted many HOL/Auth theories to Isar scripts
2001-03-02 paulson 2001-03-02 streamlined a proof
2001-02-16 paulson 2001-02-16 Streamlining for the bug fix in Blast. MPair_parts now built in using AddSEs, throughout.
2001-02-14 paulson 2001-02-14 tidying
2001-02-13 paulson 2001-02-13 partial conversion to Isar script style simplified unicity proofs
1998-09-08 paulson 1998-09-08 Got rid of not_Says_to_self and most uses of ~= in definitions and theorems
1998-08-21 paulson 1998-08-21 Tidying
1998-01-08 paulson 1998-01-08 Expressed most Oops rules using Notes instead of Says, and other tidying
1997-09-18 paulson 1997-09-18 Global change: lost->bad and sees Spy->spies First change just gives a more sensible name. Second change eliminates the agent parameter of "sees" to simplify definitions and theorems
1997-09-05 paulson 1997-09-05 Renamed "evs" to "evs1", "evs2", etc. in protocol inductive definition
1997-07-14 paulson 1997-07-14 Changing "lost" from a parameter of protocol definitions to a constant. Advantages: no "lost" argument everywhere; fewer Vars in subgoals; less need for specially instantiated rules Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this theorem was never used, and its original proof was also broken the introduction of the "Notes" constructor.
1997-06-26 nipkow 1997-06-26 set_of_list -> set
1997-01-17 paulson 1997-01-17 Now with Andy Gordon's treatment of freshness to replace newN/K
1996-12-19 paulson 1996-12-19 Extensive tidying and simplification, largely stemming from changing newN and newK to take an integer argument
1996-12-13 paulson 1996-12-13 Removed needless quotation marks
1996-11-29 paulson 1996-11-29 Swapped arguments of Crypt (for clarity and because it is conventional)
1996-10-28 paulson 1996-10-28 Changing from the Reveal to the Oops rule
1996-10-08 paulson 1996-10-08 Addition of Revl rule, and tidying
1996-09-26 paulson 1996-09-26 Introduction of "lost" argument Changed Enemy -> Spy Ran expandshort
1996-09-13 paulson 1996-09-13 No longer assumes Alice is not the Enemy in NS3. Proofs do not need it, and the assumption complicated the liveness argument
1996-09-11 paulson 1996-09-11 Reformatting
1996-09-09 paulson 1996-09-09 Stronger proofs; work for Otway-Rees
1996-09-03 paulson 1996-09-03 Renaming and simplification
1996-08-21 paulson 1996-08-21 Separation of theory Event into two parts: Shared for general shared-key material NS_Shared for the Needham-Schroeder shared-key protocol