For context, see:
https://github.com/tlswg/tls13-spec/pull/372
On Tue, Dec 15, 2015 at 1:14 PM, Eric Rescorla <e...@rtfm.com> wrote:
> Watson kindly prepared some text that described the limits on what's safe
> for AES-GCM and restricting all algorithms with TLS 1.3 to that lower
> limit (2^{36} bytes), even though ChaCha doesn't have the same
> restriction.
>
> I wanted to get people's opinions on whether that's actually what we want
> or whether we should (as is my instinct) allow people to use ChaCha
> for longer periods.
>
> -Ekr
>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
