Right. I fee l strongly that it'd be wise to bless a single 256-bit cipher as part of the core TLS 1.3 family of techniques, but I don't feel strongly that it should be AES-256. ChaCha?
Cheers, William On Fri, Feb 24, 2017 at 9:55 AM, Salz, Rich <rs...@akamai.com> wrote: > > There's an argument that it's worth building in a 256-bit cipher for > quantum resistance. Not clear that AES-256 is the best 256-bit cipher > though. > > Yes, I get that. > > "not clear" is a highly uncompelling argument, tho. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
