ietf-openpgp

Re: Interop grill-off

2005-09-21 04:35:02

Jon Callas wrote:

> I think it would be good for us to have some sort of interoperability test and event. Putting on my PGP Corporation hat, I'm happy to sponsor it. However, it doesn't *have* to be a physical event.

Physics is fun, but net chemistry also works.  I've
had some degree of success in testing cross-platform
code using a "webservice" approach.  Basically, build
a server that offers a number of actions over HTTP **.

The basic action is an echo service that forms part of
a read/write cycle to prove serialisation.  It works
roughly this way:

1.  Create a garbage packet.
2.  Serialise it into its network form.
3.  Send it off to the other implementation
    over some sort of server protocol.
4.  The echo server sits there and waits for packets:
    a. read a packet in,
    b. parse it, objectise it,
    c. write it out again in network form,
    d. return it as the response to the request.
5.  The original sender reads back the response,
    recovers it and then compares it internally
    with the original packet it sent.

This means that there need to be two routines
added to every packet:  create a garbage packet,
and compare two packets for equality.

Once that basic architecture is defined, many
variants are possible....

> Does anyone else think it would be a good idea? Does anyone want to help put it on, come up with test cases, that sort of thing?

It's definitely a good idea.  The main thing
above would be to define a list of the minimal
packets that should be echoed:

   public key packet with basic feature set
        and only the MUST algorithms
   encrypted message,
   signed message, cleartext and binary
   encrypted + signed binary

Start with the absolute minimum.  (Obviously
encrypted and signed messages will involve
some state ....)

iang

PS:  To add in another buzzword, I'd do it in
REST format, which basically means do it as a
simulated web server, and have the client and
server deal with HTTP POST requests with some
form of application binary data.  This avoids
most of the complications of defining one's own
transport protocol, avoids having to talk to
the firewall people, and for most languages
means you don't have to run a server at all,
just slot it in as a CGI into Apache.
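
The echo cycle from steps 1 to 5 of the message above, as an added example (not code from this thread or from any OpenPGP implementation). It assumes new-format packet headers only, replaces the HTTP POST with a direct function call, and uses a hypothetical `two_octet_bias` knob to model a peer whose two-octet length decoder is wrong.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)          # the generated __eq__ is the "compare" routine
class Packet:
    tag: int                     # OpenPGP packet tag, 0..63
    body: bytes

def garbage_packet(size, tag=61):
    """The "create garbage" routine: random body, private-use tag (60-63)."""
    return Packet(tag, os.urandom(size))

def serialise(p):
    """New-format header: 0xC0|tag, then a 1-, 2- or 5-octet body length."""
    n = len(p.body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = (n - 192 + 0xC000).to_bytes(2, "big")
    else:
        length = b"\xff" + n.to_bytes(4, "big")
    return bytes([0xC0 | p.tag]) + length + p.body

def parse(wire, two_octet_bias=192):
    """Parse the first packet in wire; two_octet_bias=0 models a faulty peer."""
    if len(wire) < 2 or wire[0] & 0xC0 != 0xC0:
        raise ValueError("not a new-format packet")
    first = wire[1]
    if first < 192:
        n, off = first, 2
    elif first < 224 and len(wire) >= 3:
        n, off = ((first - 192) << 8) + wire[2] + two_octet_bias, 3
    elif first == 255 and len(wire) >= 6:
        n, off = int.from_bytes(wire[2:6], "big"), 6
    else:
        raise ValueError("truncated or partial-length header")
    if len(wire) - off < n:
        raise ValueError("body shorter than declared length")
    return Packet(wire[0] & 0x3F, wire[off:off + n])

def echo(wire, **peer_quirks):
    """Step 4: read, parse, objectise, write out again (stands in for the server)."""
    return serialise(parse(wire, **peer_quirks))

def round_trip_ok(sent, **peer_quirks):
    """Steps 2-5: serialise, send, read the reply back, compare as objects."""
    return parse(echo(serialise(sent), **peer_quirks)) == sent

BOUNDARY_SIZES = (0, 191, 192, 8383, 8384)   # either side of each length form
```

Garbage bodies shorter than 192 octets pass even against the faulty peer, so the packet generator has to cover each length encoding for the echo test to catch framing bugs.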
