From d8dbb68be81ced36e291de2f8f01f25d8e4dd96f Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Mon, 8 Feb 2021 19:41:21 +1100 Subject: [PATCH] Missed a superscript opportunity --- draft-ietf-quic-tls.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index a290c92459..800dab66fa 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -2001,8 +2001,8 @@ Use of the same key and ciphertext sample more than once risks compromising header protection. Protecting two different headers with the same key and ciphertext sample reveals the exclusive OR of the protected fields. Assuming that the AEAD acts as a PRF, if L bits are sampled, the odds of two ciphertext -samples being identical approach 2^(-L/2), that is, the birthday bound. For the -algorithms described in this document, that probability is one in +samples being identical approach 2-L/2, that is, the birthday bound. +For the algorithms described in this document, that probability is one in 264. To prevent an attacker from modifying packet headers, the header is transitively
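Review bot: On the added line "samples being identical approach 2-L/2", the exponent as it appears here has no visible superscript marker, so it reads as "2 minus L/2" where the removed line's 2^(-L/2) was unambiguous. The unchanged context line "264." has the same problem and reads as the integer 264 rather than a power of two. Since this sentence states the birthday bound that justifies never reusing a key and ciphertext sample for header protection, please confirm that superscript markup is actually present in the source for both values, and that the plain-text rendering of the draft falls back to a caret form such as 2^(-L/2) and 2^64 so the bound cannot be misread. The one-line subject "Missed a superscript opportunity" could also mention that the paragraph was rewrapped, since that is why two lines change for one edit.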