[Cryptography] Testing crypto protocol implementations

Bill Frantz frantz at pwpconsult.com
Mon Mar 3 02:49:20 EST 2014

On 3/2/14 at 12:21 PM, cryptography at dukhovni.org (Viktor 
Dukhovni) wrote:

>There are a handful of DANE TLSA test sites, but their "interesting"
>combinations of certificate chains and TLSA records are far from
>sufficiently comprehensive.  Lack of a reasonably comprehensive
>test-bed almost assures that flawed implementations will continue
>to be produced, and users will continue to use them unaware of
>their defects.

It needs to be easy to add "interesting combinations" to the 
test suite. Good tests of this nature grow as new problem 
chains, TLSA records etc. are discovered in the wild.

If it is possible, generating a complete set of combinations of 
flaws is not unreasonable. I fear that the standards are much 
too complex for exhaustive testing however.

Cheers - Bill

Bill Frantz        | Truth and love must prevail  | Periwinkle
(408)356-8506      | over lies and hate.          | 16345 
Englewood Ave
www.pwpconsult.com |               - Vaclav Havel | Los Gatos, 
CA 95032

More information about the cryptography mailing list