On Tue, Dec 15, 2015 at 1:17 PM, Watson Ladd <watsonbl...@gmail.com> wrote:
> I don't think that's what I intended: I think the limit should be > ciphersuite specific. Unfortunately that requires more work. > That makes sense. Do you think you'll be able to provide that in the not too distant future? I can just leave this on ice till then... -Ekr > On Tue, Dec 15, 2015 at 4:15 PM, Eric Rescorla <e...@rtfm.com> wrote: > > For context, see: > > https://github.com/tlswg/tls13-spec/pull/372 > > > > On Tue, Dec 15, 2015 at 1:14 PM, Eric Rescorla <e...@rtfm.com> wrote: > >> > >> Watson kindly prepared some text that described the limits on what's > safe > >> for AES-GCM and restricting all algorithms with TLS 1.3 to that lower > >> limit (2^{36} bytes), even though ChaCha doesn't have the same > >> restriction. > >> > >> I wanted to get people's opinions on whether that's actually what we > want > >> or whether we should (as is my instinct) allow people to use ChaCha > >> for longer periods. > >> > >> -Ekr > >> > > > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > > > -- > "Man is born free, but everywhere he is in chains". > --Rousseau. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
