2008-06-16 wenzelm 2008-06-16 eliminated OldGoals.inst;
2008-06-11 wenzelm 2008-06-11 OldGoals.inst;
2007-08-01 wenzelm 2007-08-01 tuned ML bindings (for multithreading);
2006-11-29 wenzelm 2006-11-29 simplified method setup;
2006-11-17 wenzelm 2006-11-17 more robust syntax for definition/abbreviation/notation;
2006-09-28 wenzelm 2006-09-28 replaced syntax/translations by abbreviation;
2006-01-04 paulson 2006-01-04 a few more named lemmas
2005-10-26 paulson 2005-10-26 tidied away duplicate thm
2005-06-17 haftmann 2005-06-17 migrated theory headers to new format
2003-09-23 paulson 2003-09-23 Removal of the Key_supply axiom (affects many possbility proofs) and minor changes
2003-07-24 paulson 2003-07-24 Tidying and replacement of some axioms by specifications
2003-05-05 paulson 2003-05-05 improved presentation of HOL/Auth theories
2003-04-29 paulson 2003-04-29 tweaks
2003-04-26 paulson 2003-04-26 converting more HOL-Auth to new-style theories
2003-04-25 paulson 2003-04-25 Changes required by the certified email protocol Public-key model now provides separate signature/encryption keys and also long-term symmetric keys.
2001-08-06 paulson 2001-08-06 three new theorems
2001-05-19 paulson 2001-05-19 spelling check
2001-03-05 paulson 2001-03-05 a few basic X-symbols
2001-03-02 paulson 2001-03-02 conversion of Message.thy to Isar format
2001-02-13 paulson 2001-02-13 partial conversion to Isar script style simplified unicity proofs
1999-03-18 paulson 1999-03-18 exchanged the order of Gets and Notes in datatype event
1999-03-09 paulson 1999-03-09 Added Bella's "Gets" model for Otway_Rees. Also affects some other theories. Changing "spies" to "knows Spy", etc. Retaining the constant "spies" as a translation.
1998-07-24 berghofe 1998-07-24 Adapted to new datatype package.
1997-09-18 paulson 1997-09-18 Global change: lost->bad and sees Spy->spies First change just gives a more sensible name. Second change eliminates the agent parameter of "sees" to simplify definitions and theorems
1997-09-17 paulson 1997-09-17 Spy can see Notes of the compromised agents
1997-07-14 paulson 1997-07-14 Changing "lost" from a parameter of protocol definitions to a constant. Advantages: no "lost" argument everywhere; fewer Vars in subgoals; less need for specially instantiated rules Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this theorem was never used, and its original proof was also broken the introduction of the "Notes" constructor.
1997-07-11 paulson 1997-07-11 Moving common declarations and proofs from theories "Shared" and "Public" to "Event". NB the original "Event" theory was later renamed "Shared". Addition of the Notes constructor to datatype "event".
1996-09-26 paulson 1996-09-26 Introduction of "lost" argument Changed Enemy -> Spy Ran expandshort
1996-09-03 paulson 1996-09-03 Renaming and simplification
1996-08-21 paulson 1996-08-21 Addition of message NS5
1996-08-20 paulson 1996-08-20 Working version of NS, messages 1-4!
1996-08-20 paulson 1996-08-20 Working version of NS, messages 1-3, WITH INTERLEAVING
1996-08-19 paulson 1996-08-19 Renaming of functions, and tidying
1996-07-29 paulson 1996-07-29 Works up to main theorem, then XXX...X
1996-07-26 paulson 1996-07-26 Auth proofs work up to the XXX...
1996-07-11 paulson 1996-07-11 Added Msg 3; works up to Says_Server_imp_Key_newK
1996-06-28 paulson 1996-06-28 Proving safety properties of authentication protocols