On Oct 9, 2015, at 8:48 AM, Karthikeyan Bhargavan <karthik.bharga...@gmail.com> wrote:
> - There is a 1/(2^N) chance that valid connections to TLS 1.2 servers will be dropped by TLS 1.3 clients, because of this proposal. This only happens for servers that do not use the unix timestamp (the current timestamp is greater than 0304xxxx). Still, we need to carefully choose N so that this risk of connection dropping is acceptable.

I’m thinking this chance can be reduced to 0. Wouldn’t a TLSv1.3 client be able to recognize that it’s connecting to a TLSv1.2 server, and not parse the first N bits of the server random?

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls