[Ghost] This could be really useful

Tom Ritter <tom@ritter.vg> Sat, 01 August 2015 04:10 UTC

In-Reply-To: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov>
References: <E18BF42C3D667642ABC0EF4B6064EB67D1CB9DDC@MSMR-GH1-UEA02.corp.nsa.gov>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 31 Jul 2015 23:10:11 -0500
Message-ID: <CA+cU71k-JL+kd4wmGnwLhssVgGKPCNCiqQrtU6EtzvTF-psV1g@mail.gmail.com>
To: "Boyle, Vincent M" <vmboyle@nsa.gov>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ghost/t_CVbfEXnFOg3zLB_DtUg1D4ROc>
Cc: "ghost@ietf.org" <ghost@ietf.org>
Subject: [Ghost] This could be really useful
List-Id: "Mailing list for GatHering and reOrganizing STandards information \(GHOST\) team" <ghost.ietf.org>

On Jul 30, 2015 1:35 PM, "Boyle, Vincent M" <vmboyle@nsa.gov> wrote:
> If we can document actual implementation in some way that is fair and
> accurate (not easily gamed by people with proprietary interests), that
> would be great!

Test suites would go a long way towards documenting implementation
status, and promoting interoperable bug-free implementations. I dream
of a day where we have a full, open source test suite for (say) TLS
that operates at the TCP layer. It attempts to talk various flavors of
correct and incorrect TLS with a client or server, and makes sure the
other responds when it should and doesn't when it shouldn't.

We can hope vendors will use it... but the next step is actually to
push it towards the organizations doing the purchasing.  "Let me run
this test suite against your product.  Turns out it has a bug with CBC
Padding, chokes on extensions it doesn't understand, and is intolerant
if you try to negotiate a higher, unknown protocol version.  Go fix
those bugs, show me the patch, and I'll buy."
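
An added example, not part of the original message or of any existing test suite: two of the checks named above (tolerance of an unknown extension and of a higher, unknown protocol version) written as a TCP-layer conformance probe. The version number, extension type, function names and sample replies are all constructed for illustration.

```python
import socket
import struct

UNKNOWN_VERSION = (3, 9)      # constructed: a version above any the peer implements
UNKNOWN_EXT = (0x0A0A, b"")   # constructed: an extension type the peer will not recognise

def client_hello(version=UNKNOWN_VERSION, extra_ext=UNKNOWN_EXT):
    """Build one TLS record holding a minimal ClientHello."""
    body = bytes(version) + bytes(32) + b"\x00"  # client_version, random (zeros), empty session_id
    suites = struct.pack("!HH", 0xC02F, 0x002F)  # one AES-GCM suite, one AES-CBC suite
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # null compression only
    exts = b""
    if extra_ext is not None:
        ext_type, data = extra_ext
        exts = struct.pack("!HH", ext_type, len(data)) + data
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def probe(host, port, hello, timeout=5.0):
    """Send one ClientHello over TCP; return the peer's first bytes (b'' if it hangs up)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(hello)
        try:
            return s.recv(4096)
        except (socket.timeout, ConnectionError):
            return b""

def classify(reply, offered=UNKNOWN_VERSION):
    """A tolerant peer answers with a ServerHello at a version it supports."""
    if len(reply) < 5:
        return "FAIL: connection closed or truncated"
    rtype, length = reply[0], struct.unpack("!H", reply[3:5])[0]
    frag = reply[5:5 + length]
    if rtype == 0x15 and len(frag) >= 2:              # alert record: level, description
        return f"FAIL: alert level={frag[0]} desc={frag[1]}"
    if rtype == 0x16 and len(frag) >= 6 and frag[0] == 0x02:
        chosen = (frag[4], frag[5])                   # server_version follows the 4-byte header
        if chosen <= offered:
            return f"PASS: negotiated {chosen[0]}.{chosen[1]}"
        return "FAIL: server chose a version above the offer"
    return "FAIL: unexpected record"

# Constructed sample replies (ServerHello cut down to the fields classify() reads).
SAMPLE_SERVER_HELLO = b"\x16\x03\x03\x00\x06" + b"\x02\x00\x00\x02\x03\x03"
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"        # fatal, protocol_version (70)

if __name__ == "__main__":
    for name, reply in (("tolerant", SAMPLE_SERVER_HELLO), ("intolerant", SAMPLE_ALERT)):
        print(name, "->", classify(reply))
```

Against a product under evaluation, `classify(probe(host, port, client_hello()))` gives the same verdict for a live peer; passing `extra_ext=None` or a known version isolates which of the two behaviours it fails on.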