[Cryptography] Verifying X.509 Verification - how about an updated PKITS?
Viktor Dukhovni
cryptography at dukhovni.org
Mon Apr 7 13:17:57 EDT 2014
On Mon, Apr 07, 2014 at 09:53:24AM +0200, Nikos Mavrogiannopoulos wrote:
> > What I found was PKITS:
> > http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
> > Its about 10 years old.
>
> And this suite (an older version than the current) was used to test the
> verification routines of gnutls since long time; it did help with
> expected failures, but did few for unexpected failures. The [...]
> fuzzying approach is more promising in that respect.
One needs all of the above, machine-generated randomized testing
that probes unexpected test cases, expert selected corner-case
testing, and reasonably comprehensive coverage testing of the
basic requirements.
However, to Peter's point, the comprehensive test-suite that merely
follows the spec, good, bad and (mostly) ugly, needs to be taken
with a grain of salt, failing some of those tests is sometimes a
feature.
For DANE-EE(3) (RFC 6698 certificate usage 3) I am working to
simplify X.509 verification to a simple digest comparison of the
leaf certificate with the digest from the DNSSEC TLSA record.
* No name checks (subsumed by TLSA base domain)
* No expiration checks (subsumed by DNSSEC RRset validity)
This makes DANE-EE(3) dramatically more usable, and the horror of
X.509 trust verification largely irrelevant. I must however admit
that DANE for SMTP will also support DANE-TA(2), a bastard child
of DANE and PKIX, where trust verification and name checks are
still in scope.
--
Viktor.
More information about the cryptography
mailing list