Hi,

> I think the erratum needs an erratum.  Firstly, "nonce" doesn't mean "number
> used once", and secondly nonce re-use in AES-GCM doesn't just result in
> "catastrophic failure of it's authenticity", it results in catastrophic
> failure of the entire mode, both confidentiality and integrity/authenticity.

I'd like to add that I don't see a difference between a "failure" and a
"catastrophic failure".  It's probably better to stay away from subjective
words like that.

-Rick

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
