On Fri, Oct 13, 2017 at 11:21 AM, Eric Rescorla <e...@rtfm.com> wrote: > Maybe I'm missing something, but I don't think that that's correct. as long > as you're > willing to (a) restrict the jump to the same size as the transmitted part of > the sequence > number and (b) do a little trial decryption. > > We could, of course, also adopt the sequence number hopping scheme that we > use for QUIC, which works without trial decryption.
Either works for me (I was operating on the assumption that we would avoid trial decryption). _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
