[Cryptography] Testing crypto protocol implementations

Jerry Leichter leichter at lrw.com
Mon Mar 3 11:28:01 EST 2014


On Mar 3, 2014, at 2:49 AM, Bill Frantz <frantz at pwpconsult.com> wrote:
>> There are a handful of DANE TLSA test sites, but their "interesting"
>> combinations of certificate chains and TLSA records are far from
>> sufficiently comprehensive.  Lack of a reasonably comprehensive
>> test-bed almost assures that flawed implementations will continue
>> to be produced, and users will continue to use them unaware of
>> their defects.
> 
> It needs to be easy to add "interesting combinations" to the test suite. Good tests of this nature grow as new problem chains, TLSA records etc. are discovered in the wild.
> 
> If it is possible, generating a complete set of combinations of flaws is not unreasonable. I fear that the standards are much too complex for exhaustive testing however.
Indeed.  See http://www.cs.dartmouth.edu/~sergey/langsec/ for some potentially significant work in this direction.  (It'll have to prove itself.)

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140303/8bcb1107/attachment.bin>


More information about the cryptography mailing list