On Oct 9, 2015, at 8:48 AM, Karthikeyan Bhargavan 
<[email protected]<mailto:[email protected]>> wrote:

- There is a 1/(2^N) chance that valid connections to TLS 1.2 servers will be 
dropped by
   TLS 1.3 clients, because of this proposal. This only happens for servers 
that do not
   use the unix timestamp (the current timestamp is greater than 0304xxxx).
   Still, we need to carefully choose N so that this risk of connection 
dropping is acceptable.

I’m thinking this chance can be reduced to 0.
Wouldn’t a TLSv1.3 client be able to recognize that it’s connecting to a 
TLSv1.2 server, and not parse the first N bits of the server random?

--
-Todd Short
// [email protected]<mailto:[email protected]>
// "One if by land, two if by sea, three if by the Internet."

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to