On Tue, Dec 15, 2015 at 5:18 PM, Russ Housley <hous...@vigilsec.com> wrote:
>
> On Dec 15, 2015, at 4:14 PM, Eric Rescorla wrote:
>
>> Watson kindly prepared some text that described the limits on what's safe
>> for AES-GCM and restricting all algorithms with TLS 1.3 to that lower
>> limit (2^{36} bytes), even though ChaCha doesn't have the same
>> restriction.
>>
>> I wanted to get people's opinions on whether that's actually what we want
>> or whether we should (as is my instinct) allow people to use ChaCha
>> for longer periods.
>
> Perhaps the algorithm registration can provide the limit, allowing
> implementations to use the full period for each algorithm.

That makes sense, but people might ignore these values in the registry, and the entries might not be reviewed as well as they should be compared to if they are in the relevant RFCs.

>
> Russ
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--
"Man is born free, but everywhere he is in chains".
--Rousseau.