1997-12-24 paulson 1997-12-24 New Auto_tac (by Oheimb), and new syntax (without parens), and expandshort
1997-12-23 paulson 1997-12-23 Tidied using rev_iffD1, etc
1997-12-19 wenzelm 1997-12-19 tuned;
1997-12-16 wenzelm 1997-12-16 expandshort;
1997-12-16 paulson 1997-12-16 Simplified proofs using rewrites for f``A where f is injective
1997-11-11 paulson 1997-11-11 Fixed indentation
1997-11-03 wenzelm 1997-11-03 isatool fixclasimp;
1997-10-27 paulson 1997-10-27 Deleted two needless theorems
1997-10-21 paulson 1997-10-21 Many minor speedups: 1. Some use of rewriting with expand_ifs instead of addsplits[expand_if] 2. Faster proof of new_keys_not_used 3. New version of shrK_neq (no longer refers to "range")
1997-10-17 nipkow 1997-10-17 setloop split_tac -> addsplits
1997-10-03 paulson 1997-10-03 Routine tidying up
1997-10-01 paulson 1997-10-01 Strengthened the possibility property for resumption so that it could have detected the problem with ServerResume
1997-10-01 paulson 1997-10-01 Exchanged the M and SID fields of the FINISHED messages to simplify proofs; deleted unused theorems
1997-09-30 paulson 1997-09-30 Client, Server certificates now sent using the separate Certificate rule, simplifying ServerHello and ClientKeyExch. Resumption no longer needs its own version of ServerHello. Proofs run nearly three minutes faster.
1997-09-29 paulson 1997-09-29 Renamed XA, XB to PA, PB and removed the certificate from Client Verify
1997-09-25 paulson 1997-09-25 Deleted an obsolete step in TrustServerFinished
1997-09-24 paulson 1997-09-24 sessionK now indexed by nat instead of bool. Weaker Oops conditions on final guarantees
1997-09-22 paulson 1997-09-22 Simplified SpyKeys to use sessionK instead of clientK and serverK. Proved and used analz_insert_key, shortening scripts
1997-09-19 paulson 1997-09-19 First working version with Oops event for session keys
1997-09-19 paulson 1997-09-19 Full version of TLS including session resumption, but no Oops
1997-09-18 paulson 1997-09-18 Global change: lost->bad and sees Spy->spies. First change just gives a more sensible name. Second change eliminates the agent parameter of "sees" to simplify definitions and theorems
1997-09-17 paulson 1997-09-17 Now with the sessionK constant and new events ClientAccepts and ServerAccepts
1997-09-16 paulson 1997-09-16 Addition of SessionIDs to the Hello and Finished messages
1997-09-16 paulson 1997-09-16 TLS now with a distinction between premaster secret and master secret
1997-07-14 paulson 1997-07-14 Changing "lost" from a parameter of protocol definitions to a constant. Advantages: no "lost" argument everywhere; fewer Vars in subgoals; less need for specially instantiated rules. Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this theorem was never used, and its original proof was also broken by the introduction of the "Notes" constructor.
1997-07-11 paulson 1997-07-11 Now uses the Notes constructor to distinguish the Client (who has chosen M) from the Spy (who may have replayed her messages)
1997-07-07 paulson 1997-07-07 New proofs involving CERTIFICATE VERIFY
1997-07-04 paulson 1997-07-04 New constant "certificate"--just an abbreviation
1997-07-01 paulson 1997-07-01 More realistic model: the Spy can compute clientK and serverK
1997-07-01 paulson 1997-07-01 Baby TLS. Proofs work, but model seems unrealistic