On Fri, Jan 1, 2016 at 11:00 AM, James Cloos <cl...@jhcloos.com> wrote:

> [Msg for followup picked at random from this thread -JimC]
>
> One thing we should remember on this thread is that it does not only
> apply to aes and its 128-bit block size.
>
> Because TLS chose to create a NotQuiteChaCha rather than use ChaCha,
> its chacha20poly1305 also has a small data volume limit (2^40 bits;
> only twice aesgcm's limit).
>

Can you elaborate on this point a bit? I haven't been focusing on ChaCha,
but we're not quite done with ChaCha yet, so if changes are needed, now
would be the time.

-Ekr


> So key updates or re-keying will be more universally required.
>
> (Are there any aeads currently spec'ed with both large enough blocks and
> large enough nonces safely to avoid key updates?)
>
> -JimC
> --
> James Cloos <cl...@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>