On Fri, Oct 9, 2015 at 3:23 PM, Short, Todd <tsh...@akamai.com> wrote:
>
> > On Oct 9, 2015, at 8:48 AM, Karthikeyan Bhargavan <karthik.bharga...@gmail.com> wrote:
> >
> > - There is a 1/(2^N) chance that valid connections to TLS 1.2 servers will be dropped by
> >   TLS 1.3 clients, because of this proposal. This only happens for servers that do not
> >   use the unix timestamp (the current timestamp is greater than 0304xxxx).
> >   Still, we need to carefully choose N so that this risk of connection dropping is acceptable.
>
> I’m thinking this chance can be reduced to 0.
> Wouldn’t a TLSv1.3 client be able to recognize that it’s connecting to a
> TLSv1.2 server, and not parse the first N bits of the server random?
>

The idea is to distinguish this case from the case where they are connecting to an attacker pretending to be a TLS 1.2 server.

-Ekr

> --
> -Todd Short
> // tsh...@akamai.com
> // "One if by land, two if by sea, three if by the Internet."
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
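The check discussed in this thread, sketched as an added example (not code from the thread or from any TLS implementation). The sentinel value and all function names are constructed, and the example assumes a TLS 1.3-capable server marks the first N bits of its random whenever it negotiates a lower version. It shows why the client runs the check exactly when the ServerHello says TLS 1.2, and where the 1/(2^N) false-drop rate comes from.

```python
import secrets

# Constructed placeholder sentinel: the thread does not give the
# proposal's actual value.
SENTINEL = bytes.fromhex("a5a5a5a5a5a5a5a5")
TLS12, TLS13 = 0x0303, 0x0304

def top_bits(data: bytes, n: int) -> int:
    """Return the first n bits of data as an integer (1 <= n <= 8*len(data))."""
    nbytes = (n + 7) // 8
    return int.from_bytes(data[:nbytes], "big") >> (nbytes * 8 - n)

def make_server_random(server_max: int, negotiated: int, n: int) -> bytes:
    """Assumed server side: mark the random only when a 1.3-capable
    server ends up negotiating something lower than TLS 1.3."""
    rnd = bytearray(secrets.token_bytes(32))
    if server_max >= TLS13 and negotiated < TLS13:
        nbytes = (n + 7) // 8
        shift = nbytes * 8 - n
        low = int.from_bytes(rnd[:nbytes], "big") & ((1 << shift) - 1)
        marked = (top_bits(SENTINEL, n) << shift) | low
        rnd[:nbytes] = marked.to_bytes(nbytes, "big")
    return bytes(rnd)

def client_must_abort(client_max: int, negotiated: int,
                      server_random: bytes, n: int) -> bool:
    """Client side: the check runs precisely when the ServerHello says
    TLS 1.2, because a forced downgrade looks like a TLS 1.2 server on
    the wire. Skipping it in that case would remove the protection."""
    if client_max < TLS13 or negotiated >= TLS13:
        return False
    return top_bits(server_random, n) == top_bits(SENTINEL, n)

def false_drop_rate(n: int) -> float:
    """Fraction of legacy TLS 1.2 randoms (all 2^16 possible first two
    bytes, n <= 16) that a TLS 1.3 client would wrongly reject."""
    hits = sum(
        client_must_abort(TLS13, TLS12, v.to_bytes(2, "big") + bytes(30), n)
        for v in range(1 << 16)
    )
    return hits / (1 << 16)
```
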