[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] Black hole was Re: Analysis of Interop scenarios TLS
From: Bill Frantz <frantz () pwpconsult ! com>
Date: 2009-12-16 7:38:33
Message-ID: r02010500-1049-03AA766EEA1611DE826D0030658F0F64 () [192 ! 168 ! 1 ! 5]
[Download RAW message or body]
mrex@sap.com (Martin Rex) on Wednesday, December 16, 2009 wrote:
>> But today it would be just more code (and unused code) on the server
>> + an extra test case or two.... so there are both pros and cons.
>
>Since such an option can not be covered in "regular" interop testing
>at the moment, I tend to agree that it is not worth trying, given
>the (lack of) interoperability track record of untested TLS protocol
>features.
I would think any test suite for TLS would include a client that indicates
it could accept a minor protocol number one larger than the latest
standard, and screams loudly should that number be accepted. Testing
version negotiation would seem a necessary for any test suite. YMMV.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"After all, if the conventional wisdom was working, the
408-356-8506 | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic