Any TLS cipher suite that is specified for use with DTLS MUST define
limits on the use of the associated AEAD function that preserves
margins for both confidentiality and integrity. That is, limits MUST
be specified for the number of packets that can be authenticated and
for the number of packets that can fail authentication before a key
update is required. Providing a reference to any analysis upon which
values are based - and any assumptions used in that analysis - allows
limits to be adapted to varying usage conditions.
Francesca says
I am uncertain whether this document is the right place to place restrictions on IANA for this purpose beyond what has already been done elsewhere. Maybe there is a chance to do something in the TLS 1.3 update.