> This makes me wonder: Would it be helpful to start compiling a big > list of things which could go wrong with a Tor implementation without > making it obviously broken? I think a checklist like that might help > people working on compatible implementations to have some idea what to > look for once you have something that interoperates. Would you have > found that useful? Would you find that useful now?
Yes, for sure. I would have found that very useful because the delta between a working implementation and a secure implementation is quite large and a checklist would allow me to go down the list and at least *know* that I'm missing things. Some of these details may even be underspecified and there would be no easy way for me to find out about them. --brl _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
