>> That being said, I would prefer the solution to be a compliance test suite >> that checks if servers do handle correctly future versions, future >> extensions and future ciphersuites correctly. > > I agree with Hubert. The big question is how you get the bug report to the > server operator. > > With servers which are currently maintained, it should be possible, although > difficult in specific instances to contact the owner. With servers which > aren't being maintained, e.g. those in imbedded devices, the problem becomes > much harder.
There are two ways. First, use the Administrative and Technical contacts in the WHOIS database. They are ICANN contractual requirements, and they must be valid. Second, RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS. Jeff _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
