[Cryptography] GnuTLS -- time to look at the diff.

John Kelsey crypto.jmk at gmail.com
Tue Mar 11 07:59:43 EDT 2014

It seems like a more useful thing for the standards writers to do would be to produce a pretty comprehensive set of test cases (mostly things that should be rejected), and maybe offer a bounty on stuff that the protocol says should be rejected, but for which there is no test case exercising that bit of the code.  

A nicer coding style or a more modern language won't do nearly so much to prevent problems as that will.


More information about the cryptography mailing list