Given the issues w/ gcm currently under discussion, and that poly1305 was originally proposed to use w/ aes, should tls recommend aes-poly1305 instead of aes-gcm for those who want to continue to use aes?
Or does chacha-poly1305 not fall victim to the 2^36 attack not because of the aead but rather because of chacha? -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
