Hi Eric,

1. For this text: "plus the length of the output of the signing algorithm."
in the last paragraph of Section 4.8.1, did you mean "plus the output of the
signing algorithm."?

2. "The length (in bytes) of the following TLSCiphertext.fragment. The length
MUST NOT exceed 2^14 + 256. An endpoint that receives a record that exceeds
this length MUST generate a fatal "record_overflow" alert." There could be a
cipher that generates ciphertext longer than plaintext in some cases plus the
tag. If the tag was 256 bits, then this requirement would disallow that cipher
unnecessarily when a record size is 2^14.

3. "The padded sequence number is XORed with the static client_write_iv or
server_write_iv, depending on the role." I think the IVs are not needed.

4. The current way the nonce is specified would disallow ciphers that use any
other way of generating the nonce, such as random nonces.

Regards,

Quynh.



_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
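
Added example, not part of the message above or of the draft it reviews: a Python sketch of the two record-layer rules quoted in items 2 and 3, the per-record nonce built by XORing the padded sequence number with the static write IV, and the 2^14 + 256 ciphertext length bound. The function names, the 12-byte IV and the sample expansion values are assumptions made for illustration; the 64-bit sequence number width is taken from the TLS 1.3 specification rather than from this message.

```python
# Illustrative only: names are hypothetical, sample values are constructed.
MAX_PLAINTEXT_LEN = 2**14
MAX_CIPHERTEXT_LEN = 2**14 + 256   # bound quoted in item 2


def per_record_nonce(write_iv: bytes, seq: int) -> bytes:
    """Left-pad the sequence number with zeros to the IV length, then XOR
    it with the static client_write_iv or server_write_iv (item 3)."""
    if not 0 <= seq < 2**64:
        raise ValueError("sequence number must fit in 64 bits")
    if len(write_iv) < 8:
        raise ValueError("IV is shorter than the sequence number")
    padded = seq.to_bytes(len(write_iv), "big")
    return bytes(a ^ b for a, b in zip(write_iv, padded))


def needs_record_overflow(fragment_len: int) -> bool:
    """Receiver-side check: True when the declared fragment length exceeds
    the bound and a fatal record_overflow alert is required."""
    return fragment_len > MAX_CIPHERTEXT_LEN


def full_record_fits(expansion: int) -> bool:
    """True when a cipher adding `expansion` bytes (tag plus any other
    growth) to a maximum-size plaintext stays within the bound."""
    return not needs_record_overflow(MAX_PLAINTEXT_LEN + expansion)


def nonces_are_unique(write_iv: bytes, count: int) -> bool:
    """XOR with a fixed IV is a bijection, so distinct sequence numbers
    always give distinct nonces; this checks it over `count` records."""
    seen = {per_record_nonce(write_iv, s) for s in range(count)}
    return len(seen) == count


if __name__ == "__main__":
    iv = bytes(range(12))                      # constructed 12-byte IV
    for seq in (0, 1, 2):
        print(seq, per_record_nonce(iv, seq).hex())
    print("unique over 1000 records:", nonces_are_unique(iv, 1000))
    for expansion in (16, 256, 257):           # constructed expansion sizes
        print(expansion, "bytes of expansion fits:", full_record_fits(expansion))
```

With an all-zero IV the nonce is simply the padded sequence number, which is the construction that results if the IV is dropped from the XOR step.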
