by sannee 3047 days ago
Assume you build a product using TLS as the underlying encryption layer. Unfortunately, a few months later, some bored mathematician figures out how to completely break AES and ECDH.

Should you be held accountable for choosing "weak" ciphers?

2 comments

> Should you be held accountable for choosing "weak" ciphers?

That would be up to the jury. For something like your scenario, as long as you're keeping up and using industry best practices, you almost certainly would have nothing to worry about. In fact, a case like that would likely be dismissed immediately by the judge before it ever went to trial.

Okay then, let's assume you are doing something more cutting edge. Like speculative execution involving memory prefetching.

What are "industry best practices" for that? There are like 3 companies which do this competitively at scale, and each of them guards its methods like it's the Coca-Cola recipe.

If a bored mathematician breaks AES, I think a lawsuit is going to be the least of my worries...