On Monday, October 19, 2015, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 19 October 2015 at 11:17, Eric Rescorla <e...@rtfm.com> wrote:
> > Yeah, I think that's riding the nonce far too hard.
>
> On what basis? Any change in the nonce will cause the record
> decryption to fail. That's the property we're looking for here, isn't
> it?

I don't believe that there's any reason to include the sequence number in the AD input of an AEAD. I think that an empty AD for TLS would be fine now that the content type is encrypted. (Not that I deeply care either way.)

Cheers

AGL

--
Adam Langley a...@imperialviolet.org https://www.imperialviolet.org
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
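
The property discussed in the thread, as an added example that is not part of the original messages: a record sealed with an empty AD still fails to open when the receiver derives the nonce from a different sequence number. Assumptions: AES-128-GCM, a nonce formed by XORing the sequence number into a static IV, constructed key and IV values, and hypothetical function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// recordNonce XORs the 64-bit sequence number into the last 8 IV bytes (assumed construction).
func recordNonce(iv []byte, seq uint64) []byte {
	nonce := append([]byte(nil), iv...)
	for i := 0; i < 8; i++ {
		nonce[len(nonce)-1-i] ^= byte(seq >> uint(8*i))
	}
	return nonce
}

// newAEAD builds AES-128-GCM from a 16-byte key.
func newAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// Both helpers pass nil as the AD: the sequence number enters only via the nonce.
func sealRecord(a cipher.AEAD, iv []byte, seq uint64, pt []byte) []byte {
	return a.Seal(nil, recordNonce(iv, seq), pt, nil)
}
func openRecord(a cipher.AEAD, iv []byte, seq uint64, ct []byte) ([]byte, error) {
	return a.Open(nil, recordNonce(iv, seq), ct, nil)
}

// demo seals a record at sequence 7, then tries to open it at 7 and at 8.
func demo() (atOwnSeq, atOtherSeq bool) {
	a := newAEAD([]byte("constructed-key!")) // constructed 16-byte key
	iv := []byte("example-iv12")             // constructed 12-byte IV
	ct := sealRecord(a, iv, 7, []byte("application data"))
	_, errSame := openRecord(a, iv, 7, ct)
	_, errOther := openRecord(a, iv, 8, ct)
	return errSame == nil, errOther == nil
}

func main() { fmt.Println(demo()) }
```

Running it prints `true false`: the record authenticates only at the sequence number it was sealed under, with no sequence number in the AD.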