Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> One detail: when developing RFC 8991 we were given very strong advice to
> avoid the word "nonce" as some people find it offensive (it has a slang
> meaning in British English). We switched to "handle" in that RFC. But
given
> that GRASP and cGRASP both have a pseudo-random "session-id", why not
simply
> call it "message-id"?
Oh. The rest of the security community will be surprised, so I think that
ship has sailed, and we should stick with nonce, if it's purpose is freshness
and/or contribution to a cryptographic state.
{sitting in a cafe next to Farrindon station. Shall I ask a random person?}
> I am a little concerned by the reduction from 32 to 16 bits for the
> session-id.
Since it's CBOR, there are no on-the-wire changes.
It's really about saying that implementations can expect to use a 16-bit
register for this. I.e., it's not saving any bytes in the wire, it's saving
cycles on a CPU with a 16-bit ALU.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list -- anima@ietf.org To unsubscribe send an email to anima-le...@ietf.org
