joyantaDebnath
commented
3 months ago Hi there!
A colleague of mine (h/t @maxammann) shared your S&P paper with me. I think path validation benefits hugely from formal validation, and I was very excited to see your work in this space!
As you noted in your README, RFC 5280 is ultimately subject to human interpretation, and human interpretations of it have varied significantly in real-world implementations. My colleagues and I have helped build x509-limbo for this purpose: it's a suite of test vectors (for both RFC 5280 and the Web PKI) that check various common validation edge cases. We used it to inform the design and correctness of PyCA Cryptography's validator, and it's also found bugs in a few other implementations.
Based on your README, you might not be able to immediately integrate x509-limbo for testing (it uses a lot of ECDSA signatures, and also requires hostname support). But I figured I'd open this up anyways to bring it to your attention 🙂
Thank you for reaching out. We will work on this soon and reach out to you if we have any questions on X509-limbo.
Hi there!
A colleague of mine (h/t @maxammann) shared your S&P paper with me. I think path validation benefits hugely from formal validation, and I was very excited to see your work in this space!
As you noted in your README, RFC 5280 is ultimately subject to human interpretation, and human interpretations of it have varied significantly in real-world implementations. My colleagues and I have helped build x509-limbo for this purpose: it's a suite of test vectors (for both RFC 5280 and the Web PKI) that check various common validation edge cases. We used it to inform the design and correctness of PyCA Cryptography's validator, and it's also found bugs in a few other implementations.
Based on your README, you might not be able to immediately integrate x509-limbo for testing (it uses a lot of ECDSA signatures, and also requires hostname support). But I figured I'd open this up anyways to bring it to your attention 🙂