Kenny Paterson and I prepared a document providing an overview of how
much data ChaCha20+Poly1305 and AES-GCM can process with a single key.
Besides summarizing the results, the document also gives an explanation
of why the limits are there. The document confirms the analysis done by
Watson and others in the thread on "Data Volume Limits", but goes into
more detail.
The document can be found on Kenny's website:
http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf
Atul Luykx
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls