> Any big issue keeping N=8 > Regarding the length of N, I gather that the trade-off is that if it is too short, the probability of collisions between the signal and randomly generated server randoms becomes significant, and so does the probability of an active MitM forging the signal. Is there some other concern? 8 bytes seems fine for these considerations. Is the idea that we would reuse the downgrade sentinel?
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
