Bryan A Ford <brynosau...@gmail.com> writes: >It would work just as well and in exactly the same way if the AEAD is >replaced with the traditional Encrypt-then-MAC construction, for example.
No it wouldn't, unless the encrypt part is a stream cipher. You're still locked into using an AEAD stream cipher or the equivalent of an AEAD stream cipher built with encrypt+MAC. It won't work with, for example, the OCB AEAD mode, or CBC + MAC. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
