Closed rikard-sics closed 1 year ago
We have considerations about this now towards the end of section "Key Update with Forward Secrecy". Do we also need something in the security considerations?
This has now been done in commit 5d5e32124860ace8e49311adb5d2a48729a314da.
Motivate recommended nonce lengths, and tradeoffs if using a nonce length less than 8 (which is recommended).
Should we allow a zero-length nonce? In either case do not disallow a small nonce size, it can be used as long as awareness exists about potential security implications.