[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 5.1-5.2
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
>> I don't find this acceptable.
>> 1) in order to avoid permitting users to shoot themselves
>> in the foot, some
>> GUI will have to *restrict* them to those ciphersuites.
Andrew> The nice thing about GUI ciphersuites is that you could choose to implement
Andrew> only the 2 MUST IMPLEMENT combinations and nothing else, and you would be
Andrew> interoperable with everyone else, but other people could still implement the
Andrew> feature however they want. (Unless the aim of ciphersuites is to cripple
Andrew> everyone's implementation equally so that yours doesn't stand out for not
Andrew> giving the user the choice.) Part of the purpose of GUI
Then how do you test all the code?
>> 2) Given the above, how do I test all combinations?
>>
>> Talk to your testing people on this. Let them make the decision.
Andrew> Our testers have a script for generating and negotiating every possible
Andrew> combination of algorithms. Personally, I don't think black box testing of
Andrew> this sort is very useful.
I do. Particularly when certain *combinations* are accelerated by
hardware. You have to make sure that you only use the hardware at the right
times, and in the right modes.
I have that script as well. I think that it is excessive featurism.
Andrew> Way back in the 80s (or perhaps even the 70s), someone invented the idea of
Andrew> modularity. Modularity makes testing every possible combination a luxury,
Andrew> rather than a necessity. The crypto code is first tested with known answer
Andrew> tests. Then the packet transform code is tested with the assumption that the
Andrew> crypto code works (perhaps using manual keying). Since the crypto is a black
Andrew> box, what you are testing is code that allocates buffers and moves memory
It is a nice theory. It works a lot of the time.
It also fails to catch interactions among different pieces of the system.
*UNTIL* someone tries to optimize things. Or the GUI people are told my
marketing to enable to FOO,BAR,BUMBLE combination because they need it for a
demo, and none of *them* realize that this combination has never been tested.
One might optimize because of code size (remember those PDA/phone people)
from a generic base.
The theory people also say that suites are a *LOT* easier to analyze.
The hardware people like suites, because it makes their hardware simpler
and provides them a better picture of what needs to be implemented. Remember
that testing of the VHDL/Verilog has to be done TOO.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPS8FNoqHRg3pndX9AQGwZQQAspydOasCqMVpc+sFmrecxXXm92E1ssjJ
t684G5lU/R/rzxcUy9y/INsjN9NVI97UPuOuT/8C50zZ8IYjR73QPI2yw0gBrMgm
fllB8qDRsnfrJPukiyT6MJpw+OHqNTDHAvHqKWwhp3d96JpYC2ZKkSRLd8v0/WTM
oP5K9nRrQhc=
=0B6v
-----END PGP SIGNATURE-----