On Saturday, October 17, 2015 05:53:57 pm Eric Rescorla wrote:
> On Sat, Oct 17, 2015 at 2:34 PM, Dave Garrett <davemgarr...@gmail.com> wrote:
> > A 64-bit sentinel can be trivially checked as a 64-bit uint.
>
> And a 56-bit value can be trivially checked by masking off the last byte.
> Or, memcmp().

My point is that one is more trivial and someone might check for 64 when they shouldn't be. It's the same thought process that deals with bad user agent sniffing; developers come up with algorithms that are ideal now, not necessarily in the future. It's not a world-ending complaint, but I do think it's simpler to just use a uint64 or 2.

> > It also has a slightly better collision risk, though it's already down
> > quite low
>
> Given that the TCP checksum has a false negative rate far higher than 2^{-56}
> and any TCP errors cause TLS handshake failures, this doesn't seem like much
> of an argument.

I'll concede the collision risk argument on that point, then. As I said, already smaller than it was in the first proposal.

Dave