On 13 August 2015 at 15:22, David Mazieres <[email protected]> wrote: > > * Unless and until applications disclose information about the session > ID, all but the first byte MUST be computationally indistinguishable > from random bytes to a network eavesdropper.
Don't call out the first byte. The whole thing is what will matter here. As long as two session IDs are indistinguishable from each other, I think that we're OK. _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
