[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
From: Hubert Kario <hkario () redhat ! com>
Date: 2016-01-12 14:19:21
Message-ID: 2252854.439XugcI3g () pintsize ! usersys ! redhat ! com
[Download RAW message or body]
On Monday 11 January 2016 17:28:33 Bill Frantz wrote:
> On 1/11/16 at 4:32 PM, watsonbladd@gmail.com (Watson Ladd) wrote:
> >Do the RFCs require the relevant checks or not? And given that
> >implementations frequently get these sorts of things wrong, how do we
> >make the standard robust against it?
>
> The best way I can think of is to test to see if the checks are
> being done. For example, if a implementation is supposed to
> check if a number is prime, send a non-prime and see if it takes
> the correct action.
>
> Publicly available test suites would be a good step toward
> implementing this strategy.
shameful plug: https://github.com/tomato42/tlsfuzzer and the underlying
https://github.com/tomato42/tlslite-ng
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic