tlswg / dtls13-spec

Repo for DTLS 1.3

Extended epoch like tls. Fixed #249 #257

Closed ekr closed 2 years ago

ekr commented 2 years ago

Yet another attempt to fix #249.

This builds on Chris's PR but just omits the epoch entirely from the AEAD nonce calculation. This is more consistent with TLS and doesn't require special case reasoning about why we only need to build in the bottom 16 bits. This relies entirely on the keys being different. Needs analysis.
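The nonce construction this comment describes, as an added example that is not part of the PR or the draft text: the nonce is built from the write IV and the 64-bit sequence number as in TLS 1.3 (RFC 8446 section 5.3) with no epoch input, so uniqueness across epochs comes only from each epoch having its own key. The secrets, the AES-128-GCM sizes, the `tls13 ` label prefix and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def hkdf_expand_label(secret: bytes, label: str, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1), SHA-256, empty context."""
    full_label = b"tls13 " + label.encode()  # assumed TLS 1.3 label prefix
    info = struct.pack("!H", length) + bytes([len(full_label)]) + full_label + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def traffic_keys(traffic_secret: bytes) -> tuple:
    """Per-epoch AEAD key (16 bytes) and write IV (12 bytes)."""
    return (hkdf_expand_label(traffic_secret, "key", 16),
            hkdf_expand_label(traffic_secret, "iv", 12))


def record_nonce(write_iv: bytes, seq: int) -> bytes:
    """Sequence number left-padded to the IV length, XORed with the write IV.
    The epoch is deliberately not an input."""
    if not 0 <= seq < 2 ** 64:
        raise ValueError("sequence number must fit in 64 bits")
    padded = seq.to_bytes(len(write_iv), "big")
    return bytes(a ^ b for a, b in zip(padded, write_iv))


def aead_inputs(traffic_secret: bytes, seq: int) -> tuple:
    """The (key, nonce) pair the AEAD would see for one record."""
    key, iv = traffic_keys(traffic_secret)
    return key, record_nonce(iv, seq)


# Constructed secrets standing in for two epochs' traffic secrets.
EPOCH_SECRETS = {2: hashlib.sha256(b"constructed epoch 2 secret").digest(),
                 3: hashlib.sha256(b"constructed epoch 3 secret").digest()}


def reuse_report(seq: int = 7) -> dict:
    """Same sequence number in two epochs: is the (key, nonce) pair unique?"""
    rekeyed = [aead_inputs(s, seq) for s in EPOCH_SECRETS.values()]
    # Failure mode: the epoch advances but the traffic secret does not.
    stale = [aead_inputs(EPOCH_SECRETS[2], seq) for _ in EPOCH_SECRETS]
    return {"rekeyed_unique": len(set(rekeyed)) == len(rekeyed),
            "no_rekey_unique": len(set(stale)) == len(stale)}
```

`reuse_report()` shows the property that needs analysis: with a fresh secret per epoch the pair never repeats, while an epoch change without a key change repeats it exactly.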

kaduk commented 2 years ago

This seems promising.

chris-wood commented 2 years ago

@ekr this LGTM, but there's a conflict. Can you resolve prior to merging?

@martinthomson, are you OK with the new rationale, and text that allows it to be relaxed in the future?