Hi all,

I want to call attention to a threat model PR I opened last month: Threat model appendix: use case description. It documents a few different use cases for Tock with varying security requirements and describes how Tock can be configured to satisfy each use case. To my knowledge, this is the first concrete description of how application identifiers and short IDs should be generated in practice.

If you are interested or involved in Tock's application ID infrastructure (or any subsystem that may need to use application IDs), please take a look.

-Johnathan