On Dec 15, 2015, at 4:14 PM, Eric Rescorla wrote: > Watson kindly prepared some text that described the limits on what's safe > for AES-GCM and restricting all algorithms with TLS 1.3 to that lower > limit (2^{36} bytes), even though ChaCha doesn't have the same > restriction. > > I wanted to get people's opinions on whether that's actually what we want > or whether we should (as is my instinct) allow people to use ChaCha > for longer periods.
Perhaps the algorithm registration can provide the limit, allowing implementations use the full period for each algorithm. Russ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls