On 11/10/2016 11:13 AM, Martin Rex wrote:
>
> There is a concept called "provable correctness", and folks (such as
> those from the miTLS implementation) are using this approach to check/prove
> whether TLS provides certain security properties (rather than just
> assuming that these properties are provided).
>
> If hiding of ContentType has *real* value, then this property will be
> formally provable. If the properties that someone asserts as value
> can be proven to not exist (one counterexample is sufficient),
> then the value is an illusion / obscurity, and definitely not real value.
>

My understanding was that our current knowledge of what capabilities traffic analysis makes possible and the countermeasures against them is quite poor, certainly not to the level where rigorous proofs are possible. So, I fear we must be operating "in the dark" in this regard for the near future.

-Ben
