Hi all,
I want to call attention to a threat model PR I opened last month: Threat
model appendix: use case description <https://github.com/tock/book/pull/81>.
It documents a few different use cases for Tock with varying security
requirements and describes how Tock can be configured to satisfy each use
case. To my knowledge, this is the first concrete description of how
application identifiers and short IDs should be generated in practice.
If you are interested or involved in Tock's application ID infrastructure
(or any subsystem that may need to use application IDs), please take a look.
-Johnathan
