Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missed a superscript opportunity #4825

Merged
merged 1 commit into from Feb 8, 2021
Merged

Missed a superscript opportunity #4825

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions draft-ietf-quic-tls.md
View file
Open in desktop
Expand Up @@ -2001,8 +2001,8 @@ Use of the same key and ciphertext sample more than once risks compromising
header protection. Protecting two different headers with the same key and
ciphertext sample reveals the exclusive OR of the protected fields. Assuming
that the AEAD acts as a PRF, if L bits are sampled, the odds of two ciphertext
samples being identical approach 2^(-L/2), that is, the birthday bound. For the
algorithms described in this document, that probability is one in
samples being identical approach 2<sup>-L/2</sup>, that is, the birthday bound.
For the algorithms described in this document, that probability is one in
2<sup>64</sup>.

To prevent an attacker from modifying packet headers, the header is transitively
Expand Down