usenix-e.tex 2.67 KB
 Peter Schwabe committed Oct 01, 2020 1 \newpage  Peter Schwabe committed Oct 01, 2020 2 \section*{Usenix Security 2020 Review \#324E}  Peter Schwabe committed Oct 01, 2020 3   Peter Schwabe committed Oct 01, 2020 4 \begin{tabular}{rrp{.6\textwidth}}  Peter Schwabe committed Oct 01, 2020 5  \toprule  benoit committed Oct 01, 2020 6 7 8 9  Review recommendation & 1. & Reject \\ Writing quality & 2. & Needs improvement \\ Reviewer interest & 1. & I am not interested in this paper \\ Reviewer expertise & 2. & Some familiarity \\  Peter Schwabe committed Oct 01, 2020 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42  \bottomrule \end{tabular} \begin{center} \subheading{===== Paper summary =====} \end{center} This paper presents a proof and technique for proving the correctness of and implementation of the X25519 key exchange protocol. The authors provide a sketch of the system and related various components of the formal analysis. \begin{center} \subheading{===== Strengths =====} \end{center} This is an exceptionally sophisticated approach for formally verifying the correctness of a crypto library. The authors have provided a usable library implementing an important protocol. \begin{center} \subheading{===== Weaknesses =====} \end{center} This paper does not feel like a great fit for USENIX security. This should likely go to a formal verification or crypto conference, because the details and contributions are likely to be lost on the USENIX community. To that point, the paper is very, very dense and requires an incredible amount of background to appreciate the nuances of the work. For example, to appreciate the work, you have to study the code, definitions, and intermediate languages on pages 5-7. The whole thing reads like a technical report without much prose to help me understand what is going on. I had a difficult time understanding how this work generalizes. Even the introduction failed to provide a clear statement of the contributions of this work. This is highlighted in the previous reviews when prior reviewers could not fully ascertain the contribution of this work. Oddly, I found that the responses to the past reviewer's questions were often more instructive than the paper itself. I am also not sure that the authors really appreciated that the previous reviews were asking you to provide a more structured and less detail oriented paper. In the end, I strongly feel that this paper must be rewritten with the low level details deemphasized and the contributions and intuition presented with clarity. \begin{center} \subheading{===== Questions for authors' response =====} \end{center} Why was this submitted to USENIX? S\&P seems like a much better venue.  Peter Schwabe committed Oct 01, 2020 43 \begin{answer}  benoit committed Oct 01, 2020 44 45  Apparently the reviewer did not realize that the work had been submitted to S\&P before. We hope that CSF is also a much better venue.  Peter Schwabe committed Oct 01, 2020 46 \end{answer}  Peter Schwabe committed Oct 01, 2020 47 48  What am I to take away from this? How does this generalize?