From: Aaron Zauner <a...@azet.org>
Date: Wednesday, March 1, 2017 at 8:11 AM
To: 'Quynh' <quynh.d...@nist.gov>
Cc: Sean Turner <s...@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, IRTF CFRG <c...@irtf.org>
Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

On 25 Feb 2017, at 14:28, Dang, Quynh (Fed) <quynh.d...@nist.gov> wrote:

Hi Sean, Joe, Eric and all,

I would like to address my thoughts/suggestions on 2 issues in option a.

1) The data limit should be addressed in terms of blocks, not records. When the record size is not the full size, some user might not know what to do. When the record size is 1 block, the limit of 2^24.5 blocks (records) is way too low unnecessarily for the margin of 2^-60. In that case, 2^34.5 1-block records is the limit which still achieves the margin of 2^-60.

I respectfully disagree. TLS deals in records not in blocks, so in the end any semantic change here will just confuse implementors, which isn't a good idea in my opinion.

Over the discussion of the PRs, the preference was blocks.

Quynh.

Aaron