TLS Evaluation Tooling for NDcPP: Lessons from TLS 1.2, TLS 1.3 and the Role of AI in Closing the Gaps (A21c)
The presenters have developed an automated test tool for NDcPP and Package PP TLS conformance evaluation, covering Security Functional Requirements (SFRs) across both TLS 1.2 and TLS 1.3, including session resumption and renegotiation. Building this tooling revealed a fundamental problem: several SFRs become ambiguous or difficult to test consistently across protocol versions. This talk identifies requirements that break across protocol versions, highlights certificate validation edge cases the standard leaves unresolved, and shows how AI-assisted test generation and anomaly detection address gaps static scripts cannot. The presenters conclude with urgent actions to take before post-quantum hybrid TLS becomes commonplace in evaluated products.
