
List:       ietf-tls
Subject:    Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
From:       Hubert Kario <hkario () redhat ! com>
Date:       2016-01-12 14:19:21
Message-ID: 2252854.439XugcI3g () pintsize ! usersys ! redhat ! com


On Monday 11 January 2016 17:28:33 Bill Frantz wrote:
> On 1/11/16 at 4:32 PM, watsonbladd@gmail.com (Watson Ladd) wrote:
> >Do the RFCs require the relevant checks or not? And given that
> >implementations frequently get these sorts of things wrong, how do we
> >make the standard robust against it?
> 
> The best way I can think of is to test to see if the checks are
> being done. For example, if an implementation is supposed to
> check if a number is prime, send a non-prime and see if it takes
> the correct action.
> 
> Publicly available test suites would be a good step toward
> implementing this strategy.

shameful plug: https://github.com/tomato42/tlsfuzzer and the underlying 
https://github.com/tomato42/tlslite-ng

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
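
The negative-testing idea discussed in this thread (send a non-prime where a prime is required and see whether the implementation takes the correct action), as an added example that is not part of the original message and does not use tlsfuzzer or tlslite-ng. The validators `lax_validator` and `strict_validator`, the harness `run_negative_tests` and the toy-sized moduli are all hypothetical and constructed for illustration.

```python
import random

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0)  # fixed seed keeps the test run reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

# Two hypothetical implementations under test: each accepts or rejects a DH modulus p.
def lax_validator(p, min_bits=64):
    return p.bit_length() >= min_bits  # size check only, primality never verified

def strict_validator(p, min_bits=64):
    return p.bit_length() >= min_bits and is_probable_prime(p)

# Constructed test vectors (toy sizes, not real DH groups): (name, modulus, should_accept)
PRIME = 2**89 - 1                      # Mersenne prime M89
COMPOSITE = (2**61 - 1) * (2**31 - 1)  # odd product of two Mersenne primes
EVEN = 2**89                           # trivially composite
VECTORS = [("prime", PRIME, True), ("composite", COMPOSITE, False), ("even", EVEN, False)]

def run_negative_tests(validator):
    """Return the names of vectors where the validator took the wrong action."""
    return [name for name, p, expect_accept in VECTORS if validator(p) != expect_accept]

if __name__ == "__main__":
    for v in (lax_validator, strict_validator):
        print(v.__name__, "failed:", run_negative_tests(v) or "none")
```

The positive vector is included so that a validator that rejects everything does not pass the suite by accident.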