On Tue 2015-03-31 10:02:38 -0400, Eric Rescorla wrote:
> On Tue, Mar 31, 2015 at 7:01 AM, Eric Rescorla <e...@rtfm.com> wrote:
>> Either that or (my preference) specify an AEAD (combined encryption
>> and integrity) algorithm such as AES-GCM or ChaCha/Poly1305.
>> It's always hard to read community consensus, but my sense is that
>> AEAD represents the current best practice.
I think this fairly states the TLS WG's consensus.
> I should have mentioned, TLS 1.2 already supports AEAD algorithms and
> they're the only constructions which will be allowed in TLS 1.3.
This is true, but the framing mechanism (after the first handshake) is
potentially up for a transition in 1.3 as well.
I think it would be a mistake for tcpcrypt to duplicate the TLS framing
mechanism byte-for-byte. TLS carries with it a complicated and
difficult legacy, and its framing is a part of that. tcpcrypt has an
opportunity to not deal with that legacy, and can be cleaner. let's be
cleaner where we can be :)
--dkg
_______________________________________________
Tcpinc mailing list
Tcpinc@ietf.org
https://www.ietf.org/mailman/listinfo/tcpinc
