On 22 March 2017 at 12:01, Eric Rescorla <e...@rtfm.com> wrote: > The maximum amount of wastage in this case is E_max - E_min where E_min is > the minimum amount of expansion of any cipher suite they support.
Right, I was concerned about the case where this difference is (potentially) large. That's all. The main problem I see with a design that shifts complexity to the sender is the economic one. I want to provide as much incentive to implement the sender side of this as possible, which means keeping it simple. If the cost of that is a little more complexity on receivers, but only when using block ciphers, I think that I can live with that. Given that the complexity is likely more in logic than it is code, then I'm even more happy with what I've proposed. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
