Brian E Carpenter <[email protected]> wrote: > One detail: when developing RFC 8991 we were given very strong advice to > avoid the word "nonce" as some people find it offensive (it has a slang > meaning in British English). We switched to "handle" in that RFC. But given > that GRASP and cGRASP both have a pseudo-random "session-id", why not simply > call it "message-id"?
Oh. The rest of the security community will be surprised, so I think that
ship has sailed, and we should stick with nonce, if it's purpose is freshness
and/or contribution to a cryptographic state.
{sitting in a cafe next to Farrindon station. Shall I ask a random person?}
> I am a little concerned by the reduction from 32 to 16 bits for the
> session-id.
Since it's CBOR, there are no on-the-wire changes.
It's really about saying that implementations can expect to use a 16-bit
register for this. I.e., it's not saving any bytes in the wire, it's saving
cycles on a CPU with a 16-bit ALU.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
