Paul Syverson and Catherine Meadows, ``Formal Requirements for Key
Distribution Protocols,'' Proceedings of Eurocrypt '94, to appear.
<a href="1994syverson-eurocrypt.ps">
 PostScript</a>

<blockquote>
We discuss generic formal requirements for reasoning about
two party key distribution protocols, using a language developed for specifying
security requirements for security protocols.
Typically earlier work has considered
formal analysis of already developed protocols. Our goal is to present
sets of formal requirements for various contexts which can be applied
at the design stage as well as to existing protocols.
We use a protocol analysis tool we have developed to determine whether or
not a specific protocol has met some of the requirements we specified.
We show how this process uncovered a flaw in the protocol and helped us
refine our requirements.
</blockquote>