Here is more, part of verifying is checking not only implementations are adhering to protocols but that the source of the authorization is valid as well as the authentication of proofs meet the specified criteria. All tests should assert conformity.
>Never trust, always verify.
Better, but actually trust only can come after verification and even then, after operational trust, random assertions should test conformity.