David Honig <[EMAIL PROTECTED]> writes:
> At 09:26 PM 8/16/99 -0700, Eric Rescorla wrote:
>
> >A horribly embarrasing packaging oversight has been fixed. Alpha 1
> >included test-only code that always verified every signature
> >on a certificate as true.
>
> Well, at least some of your testing went remarkably smoothly :-)
Quite so. It really shows the importance of doing negative
controls as well as positive controls.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/