On 31 December 2015 at 17:54, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > Zero checks can already be unit-tested/interop-tested just as well.
What ekr said applies, but also this: Yes, you can test that a given implementation does the right checks, but you won't be checking during normal operation. If you require session-hash, then every handshake includes that check and if someone messes up, the handshake just fails. That far more visible. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
