I don't think that's what I intended: I think the limit should be ciphersuite specific. Unfortunately that requires more work.
On Tue, Dec 15, 2015 at 4:15 PM, Eric Rescorla <e...@rtfm.com> wrote:
> For context, see:
> https://github.com/tlswg/tls13-spec/pull/372
>
> On Tue, Dec 15, 2015 at 1:14 PM, Eric Rescorla <e...@rtfm.com> wrote:
>>
>> Watson kindly prepared some text that described the limits on what's safe
>> for AES-GCM and restricting all algorithms with TLS 1.3 to that lower
>> limit (2^{36} bytes), even though ChaCha doesn't have the same
>> restriction.
>>
>> I wanted to get people's opinions on whether that's actually what we want
>> or whether we should (as is my instinct) allow people to use ChaCha
>> for longer periods.
>>
>> -Ekr
>>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--
"Man is born free, but everywhere he is in chains".
--Rousseau.