On 19 October 2015 at 08:08, Eric Rescorla <e...@rtfm.com> wrote:
> overloading the time field lowers the risk of false positives because
> we can choose a sentinel that will never collide with a conformant
> TLS 1.2 ServerHello. By contrast, a sentinel in the randomly generated
> portion always has a 2^{-n} chance of collision.

Yes, this is right. The marginal gain is that the proportion of servers that generate a time here are immune to collisions. If all servers did that, we wouldn't have to worry about collisions at all. Unfortunately, we do know that some generate random values.