cry...@brainhub.org said:

> I also think that counting in blocks is cleaner. Counting in bytes is a
> close alternative.

Does counting bytes work? If the real limit is blocks, I think you will have to round up the byte count when you send a partial block.

If re-keying too often isn't too expensive, you could get a safe answer by counting bytes and assuming that every byte went in a separate block.

You might want to round down many more orders of magnitude so the re-key code gets exercised often enough. Or maybe provide a back door to set the limit so that path can be tested with reasonable resources.

--
These are my opinions. I hate spam.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
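The three ideas in the message above (round a partial trailing block up to a whole block, or conservatively count every byte as its own block, and make the limit settable so the rekey path can be exercised in a test) as a small key-usage counter. This is an added illustration, not code from the poster or from any TLS implementation; it assumes an AES-based AEAD with a 16-byte block, a constructed `block_limit` that a test can set very low, and the names `KeyUsageCounter`, `blocks_for_record` and `simulate_records` are hypothetical.

```python
from dataclasses import dataclass
from typing import Iterable

# Assumption: an AES-based AEAD, so the usage limit is expressed in 16-byte blocks.
BLOCK_SIZE = 16


def blocks_for_record(nbytes: int, block_size: int = BLOCK_SIZE) -> int:
    """Blocks consumed by one record: a partial trailing block still costs a whole block."""
    if nbytes < 0:
        raise ValueError("record length must be non-negative")
    return (nbytes + block_size - 1) // block_size


def naive_blocks(total_bytes: int, block_size: int = BLOCK_SIZE) -> int:
    """The wrong way: divide the running byte total once, ignoring per-record rounding.
    This under-counts whenever records are not block-aligned."""
    return total_bytes // block_size


@dataclass
class KeyUsageCounter:
    """Tracks how much a traffic key has been used and reports when to rekey.

    block_limit is a constructor parameter rather than a constant so a test can
    set it to a handful of blocks and drive the rekey path with little traffic
    (the "settable limit" idea from the message).
    """
    block_limit: int
    conservative: bool = False  # True: count every byte as its own block
    blocks_used: int = 0
    records: int = 0

    def record_sent(self, nbytes: int) -> bool:
        """Charge one record to the key; return True when the key must be replaced."""
        charged = nbytes if self.conservative else blocks_for_record(nbytes)
        self.blocks_used += charged
        self.records += 1
        return self.blocks_used >= self.block_limit

    def rekey(self) -> None:
        """Reset the counters after new traffic keys have been installed."""
        self.blocks_used = 0
        self.records = 0


def simulate_records(sizes: Iterable[int], block_limit: int, conservative: bool = False) -> int:
    """Send records of the given sizes and return how many rekeys were triggered."""
    counter = KeyUsageCounter(block_limit=block_limit, conservative=conservative)
    rekeys = 0
    for size in sizes:
        if counter.record_sent(size):
            rekeys += 1
            counter.rekey()
    return rekeys


if __name__ == "__main__":
    # Constructed traffic: ten 1-byte records. Per-record rounding charges 10 blocks;
    # dividing the byte total once charges 0, so a naive byte counter never rekeys.
    print("rounded per record:", sum(blocks_for_record(1) for _ in range(10)))
    print("naive byte total  :", naive_blocks(10))
    print("rekeys, limit 4   :", simulate_records([1] * 10, block_limit=4))
```

With a 16-byte block, twenty 20-byte records cost 40 blocks under per-record rounding but only 25 under a single division of the byte total; the conservative mode charges 400, which is safe but rekeys far more often. Whichever counting rule is chosen, keeping `block_limit` adjustable is what lets a unit test reach the rekey branch without sending gigabytes.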