On Wed, Jul 29, 2020 at 04:22:15PM +0300, Tero Kivinen wrote: > Steffen Klassert writes: > > > > A secret salt in the nonce would be a new requirement anyway. > > I've checked RFC 4106 (ESP for GCM) and RFC 7634 (ESP for > > ChaCha20-Poly1305), both don't require a secret salt. > > It is true that they do not need secret salt, but they do have > unpredictable salt, which is created by the key derivation step. My > understanding was that this proposal did get rid of that salt too:
Yes, this proposal removes the unpredictable salt. I did not say it explicitely, but that was part of my critism on how they create the IV in my original mail. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
