Dear Eric,

Thank you for your comment - indeed, re-keying mechanisms based on secret state are widely used in protocols (key trees have been usual practice in ESP with GOSTs for more than 10 years, for example). My point is that a simple (e.g. without any additional keys or structures) and effective mechanism to increase block cipher modes' limitations on plaintext size can be helpful in itself, without being incorporated into a protocol.

About the connection with the TLS 1.3 draft - for example, we don't want the GCM mode to be defined inside some protocol RFC; it should be defined separately, shouldn't it? So the question is: if such mechanisms are needed, then separate documents on them can be a better solution. And my primary point here is about stateless techniques: as follows from the preprint I cited before, the key lifetime for CTR can be increased quadratically, for example.

Kindest regards,
Stanislav

Stanislav,

TLS 1.3 incorporates a rekeying mechanism (KeyUpdate) similar to that of Abdalla and Bellare 1(b).

-Ekr

On Sun, Aug 28, 2016 at 3:48 AM, Stanislav V. Smyshlyaev <smys...@gmail.com> wrote:
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls