[jsmthrowaway]

Again, I'm talking about the "goto fail" one, not this one, in which a simple test of the library against an invalid certificate would have caught at least one case that I recall. And I think it's pretty obvious that "you might erroneously validate a bad certificate" is a bug that's, you know, a given.

[tptacek]

    Feature: *Certificate Validation*
      In order to *keep NSA from reading my emai*
      As a *TLS X.509 validation library*
      I want *to never erroneously validate a certificate*

What are the "Scenarios"?

      Given: *???*
      And: *???*
      When: *???*
      Then: *the certificate should be rejected*

Remember, if we're switching topics to the "goto fail" bug: that bug didn't affect every instance of certificate validation. You had to be in a particular set of ciphersuites.

[dasil003]

I agree with this demonstration of why acceptance tests are not going to prevent bugs like this, but I'm not so sure about unit tests. I've seen good unit tests reveal a lot of similarly difficult-to-spot bugs. Granted, a really good type system like Haskell gives you more guarantees than a test suite in less rigorously typed languages ever can, but I think you're too quick to dismiss unit tests out of hand. It's a tool in the quiver, and the reason TLS stacks don't tend to have them is not because they are not valuable, but probably because the developers weren't any good at unit testing.

[jsmthrowaway]

I spent a few minutes replying to your original comment, then you ninja edited in the closing paragraph and invalidated mine, so this is where I end the conversation. I can't reply to an ever-shifting comment with someone who reads what they want to read out of my comments and invokes the NSA for no reason whatsoever.

[tptacek]

You'd be a happier person if you didn't assume people were editing their comments just to make you look bad. You can be assured that if I had seen you respond to something I'd written, I'd have noted where I added to my original comment.

But I agree that you & I are better off not discussing things.

[jsmthrowaway]

I'm quite a happy person and thanks for the irrelevant concern trolling, based on a comment thread that's calling you out (do you always assume people that think you're wrong are unhappy or otherwise defective?). And no, I didn't assume those words you've placed in my fingers. I was, rather, annoyed that I invested a few minutes into a playing field that you'd already moved while I worked.

If you'd permit me a brief bit of my own concern trolling: I remember when I looked forward to reading your comments, several years ago. Now I see your nickname and say "bah, again?" What changed? Was it me or you?