[SSL Observatory] Fuzzing TLS certificate validation implementations
Seth David Schoen
schoen at eff.org
Thu Apr 3 18:35:31 PDT 2014
This new paper compares the behavior of several different TLS client
implementations in accepting or rejecting server authentication
certificates:
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
Discrepancies in different implementations' decisions often pointed
to bugs!
I've written to ask if we can get their code or if they'd like to run
a similar test using data from the Observatory.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the Observatory
mailing list