This PR adds text requiring ciphertexts that do not decrypt to be discarded. It also adds some discussion of the impact of this requirement on the safety of short tags. (Thanks to @bren2010 for helping refine this analysis.)
@chris-wood - in #154 you mention addressing AEAD limits. Could you suggest some text for that? I was not able to interpret the CFRG draft. Also, it seems like we would need some analogous analysis for the AES-CTR-based AEAD modes described here. Do you have thoughts on that?
This PR adds text requiring ciphertexts that do not decrypt to be discarded. It also adds some discussion of the impact of this requirement on the safety of short tags. (Thanks to @bren2010 for helping refine this analysis.)
@chris-wood - in #154 you mention addressing AEAD limits. Could you suggest some text for that? I was not able to interpret the CFRG draft. Also, it seems like we would need some analogous analysis for the AES-CTR-based AEAD modes described here. Do you have thoughts on that?