Martin Thomson wrote:
> On 13 August 2015 at 15:22, David Mazieres
> <[email protected]> wrote:
> >
> > * Unless and until applications disclose information about the session
> > ID, all but the first byte MUST be computationally indistinguishable
> > from random bytes to a network eavesdropper.
> >
> Don't call out the first byte. The whole thing is what will matter
> here. As long as two session IDs are indistinguishable from each
> other, I think that we're OK.

david is just exempting the negotiated "spec identifier" that TCP-ENO prepends to the collision-resistant hash of connection information. that byte indicates what encryption protocol was negotiated, and of course will be easily distinguishable from random.
