David Gil <dgil(_at_)yahoo-inc(_dot_)com> writes:
On Friday, March 13, 2015 6:20 PM, Falcon Darkstar Momot
<falcon(_at_)iridiumlinux(_dot_)org> wrote:
I feel like perhaps this type of exhaustive testing is neither necessary
nor expected, and that a few end-to-end tests designed to exercise edge
cases could be combined with more exhaustive unit tests to achieve
reasonable results.
The difficulty, as always, is proving that an actual implementation is
modular. In the case of OpenPGP, it really isn't: A lot of data has to
get carried between each stage to ensure conformance with the
high-level semantics.
Having implemented it myself, I disagree completely. It is absolutely
possible to create a modular implementation. See my Usenix Security
Talk on the PGP Message Processing Pipeline from.... 1996??
[snip]
Protocol modularity is not evil.
Modularity is neutral. "Agility", as folks like to call it, is evil.
Well, it's a damn good thing we've had agility otherwise we'd have been
stuck with 3DES, SHA1 (or MD5!!), and probably either RSA or maybe
DSA/Elgamal.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp