undefined | Better HN

0 pointsastrange4y ago0 comments

I'm not sure you can actually prove a TLS implementation is correct. It depends on the system clock being right, OCSP server being online, etc.

Even the encryption has to be free of side channels like timing attacks which are left out of what most people think of as a proof.

0 comments

1 comments · 1 top-level

wyager4y ago

You can prove a TLS implementation correct up to defined assumptions (e.g. clock consistency). There are already some projects working on this, eg https://project-everest.github.io/

j / k navigate · click thread line to collapse