[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] Black hole was Re: Analysis of Interop scenarios TLS
From:       Bill Frantz <frantz () pwpconsult ! com>
Date:       2009-12-16 7:38:33
Message-ID: r02010500-1049-03AA766EEA1611DE826D0030658F0F64 () [192 ! 168 ! 1 ! 5]
[Download RAW message or body]

mrex@sap.com (Martin Rex) on Wednesday, December 16, 2009 wrote:

>> But today it would be just more code (and unused code) on the server
>> + an extra test case or two.... so there are both pros and cons.
>
>Since such an option can not be covered in "regular" interop testing
>at the moment, I tend to agree that it is not worth trying, given
>the (lack of) interoperability track record of untested TLS protocol
>features.

I would think any test suite for TLS would include a client that indicates
it could accept a minor protocol number one larger than the latest
standard, and screams loudly should that number be accepted. Testing
version negotiation would seem a necessary for any test suite. YMMV.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum

[prev in list] [next in list] [prev in thread] [next in thread]