RFC Errata System <rfc-edi...@rfc-editor.org> writes:

>The following errata report has been verified for RFC5288,
>"AES Galois Counter Mode (GCM) Cipher Suites for TLS".
I think the erratum needs an erratum. Firstly, nonce doesn't mean "number used once". Secondly, nonce reuse doesn't just result in a failure of integrity protection, it also results in a loss of confidentiality protection. In other words, it leads to a total breach of the encryption mode's security: both properties that it's supposed to provide are no longer present.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
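The confidentiality loss mentioned in the reply above can be shown concretely with Go's standard-library AES-GCM. GCM encrypts with a CTR keystream derived from the key and nonce, so two records sealed under the same key and nonce share a keystream and XORing the two ciphertexts cancels it, leaving the XOR of the plaintexts; the integrity tag does nothing to prevent this. The program below is an added illustration written for this page, not code from the RFC, the errata report or the list thread; the key, nonce and plaintexts are constructed sample values, and the `NonceTracker` is a simple assumed defender-side check that flags the first nonce repeated under a key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// gcmSeal encrypts plaintext with AES-GCM (96-bit nonce) and returns
// ciphertext || tag, as cipher.AEAD.Seal produces it.
func gcmSeal(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

// xorBytes returns a XOR b over the common prefix length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// XorOfCiphertexts seals p1 under nonce1 and p2 under nonce2 with the same
// key and XORs the ciphertext bodies (the tag is excluded). When
// nonce1 == nonce2 the keystreams are identical and the result equals
// p1 XOR p2 over the common prefix.
func XorOfCiphertexts(key, nonce1, nonce2, p1, p2 []byte) []byte {
	c1 := gcmSeal(key, nonce1, p1)[:len(p1)]
	c2 := gcmSeal(key, nonce2, p2)[:len(p2)]
	return xorBytes(c1, c2)
}

// RecoverSecond models the two-time-pad consequence: given the ciphertexts
// and knowledge of p1, the prefix of p2 falls out when the nonce was reused.
// With distinct nonces the same computation yields unrelated bytes.
func RecoverSecond(key, nonce1, nonce2, p1, p2 []byte) []byte {
	return xorBytes(XorOfCiphertexts(key, nonce1, nonce2, p1, p2), p1)
}

// NonceTracker is an assumed defender-side check (not from the page):
// it records nonces seen under one key and reports the first repeat.
type NonceTracker struct {
	seen map[string]bool
}

func NewNonceTracker() *NonceTracker {
	return &NonceTracker{seen: make(map[string]bool)}
}

// Observe returns true if this nonce was already used under the key.
func (t *NonceTracker) Observe(nonce []byte) bool {
	k := string(nonce)
	if t.seen[k] {
		return true
	}
	t.seen[k] = true
	return false
}

func main() {
	// Constructed sample values: a 16-byte AES-128 key and a 12-byte nonce.
	key := []byte("0123456789abcdef")
	nonce := []byte("unique-nonce")
	other := []byte("second-nonce")
	p1 := []byte("GET /index.html HTTP/1.1")
	p2 := []byte("POST /login secret=hunter2")

	reused := RecoverSecond(key, nonce, nonce, p1, p2)
	fmt.Printf("same nonce, recovered prefix of p2: %q\n", reused)

	distinct := RecoverSecond(key, nonce, other, p1, p2)
	fmt.Printf("distinct nonces, same computation: %q (noise)\n", distinct)

	tr := NewNonceTracker()
	for _, n := range [][]byte{nonce, other, nonce} {
		if tr.Observe(n) {
			fmt.Printf("nonce reuse detected: %q\n", n)
		}
	}
	_ = bytes.Equal
}
```

The recovered prefix is exactly the first `len(p1)` bytes of `p2`, because `(p1 XOR ks) XOR (p2 XOR ks) XOR p1 == p2`; authentication tags do not enter into it, which is why nonce reuse costs confidentiality as well as integrity.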