Paul, > > Is this requirement only based on not reusing the same IV on different > > cores or is there an additional factor I missed? > For AES-GCM there is a 2^32 max operations per private key as well.
Are you referring to NIST SP 800-38D ยง 8.3 ? This is the closest I could find to this restriction. But the 2^32 invocation limitation does not seem to apply when the IV is 96 bits long and deterministic (which is the case in AES-GCM ESP RFC4106). Is there another standard document that enforces the 2^32 limit also in the RFC4106 case ? Best, Guillaume _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
