[Cryptography] Testing crypto protocol implementations
Bill Frantz
frantz at pwpconsult.com
Mon Mar 3 02:49:20 EST 2014
On 3/2/14 at 12:21 PM, cryptography at dukhovni.org (Viktor
Dukhovni) wrote:
>
>There are a handful of DANE TLSA test sites, but their "interesting"
>combinations of certificate chains and TLSA records are far from
>sufficiently comprehensive. Lack of a reasonably comprehensive
>test-bed almost assures that flawed implementations will continue
>to be produced, and users will continue to use them unaware of
>their defects.
It needs to be easy to add "interesting combinations" to the
test suite. Good tests of this nature grow as new problem
chains, TLSA records etc. are discovered in the wild.
If it is possible, generating a complete set of combinations of
flaws is not unreasonable. I fear that the standards are much
too complex for exhaustive testing however.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com | - Vaclav Havel | Los Gatos,
CA 95032
More information about the cryptography
mailing list